Endpoint Security , Internet of Things Security , Open XDR

Full Stop: Vulnerabilities in IoT Traffic Light Systems

Researcher Rik van Duijn of Zolder Offers Advice to IoT Application Developers
Rik van Duijn, co-founder, Zolder

What if you could ride a bike up to a traffic light and have it turn green? That’s already possible in some cities in the Netherlands that have installed IoT traffic lights.

See Also: The Security Testing Imperative

But security researchers have already uncovered problems. The traffic lights interact with an app on a rider’s phone. During a recent presentation at the Def Con security conference, researchers with the security firm Zolder showed how they could remotely trigger the lights without being near one.

Rik van Duijn, co-founder of Zolder, says his team, which included Wesley Neelen, reverse engineered applications that developers are making that are compatible with the traffic lights. It was trial and error, but they eventually figured out how to replicate sending the correct commands from afar.

“There’s no real authentication on who or where you are,” van Duijn says. “The service relies on the input you give, and that’s actually the reason this whole research project started.”

In this video interview, van Duijn discusses:

  • Why the IoT traffic lights were vulnerable to manipulation;
  • What the findings mean for developers of critical infrastructure projects.
  • Recommendations for developers working on IoT public infrastructure.

van Duijn is co-founder of Zolder, a security firm launched in March that's based in Noordhoek, Netherlands. Before that, he was a security researcher and pentester for KPN and also an ethical hacker and pentester with DearBytes B.V.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.