Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,176
- Points
- 113
The vulnerability can harm national security.
A security researcher has discovered a vulnerability in a traffic light controller that could allow attackers to alter signals and create traffic jams. Andrew Lemon of Red Threat reported that he found a bug in the Intelight X-1 device, which allows anyone to get full control over traffic lights. The reason for this is that there is no authentication on the device's web interface that is accessible on the Internet.
Lemon was trying to reproduce a scenario where all the traffic lights at an intersection switch to green, as shown in the movies. However, a device called the Malfunction Management Unit prevents such situations. However, attackers can change the time parameters of traffic lights, which will lead to physical problems, such as traffic jams.
Lemon and his team found about 30 vulnerable Intelight devices accessible over the Internet. He reported the problem to Q-Free, which owns Intelight. However, instead of cooperating, Q-Free sent him a legal letter, claiming that the device analyzed by Lemon is no longer for sale, and his research may have violated the law on computer fraud.
The company also expressed concern that publishing the vulnerability could harm national security and lead to attacks on infrastructure. Lemon believes that the company is trying to silence him using legal threats.
Q-Free representative Trisha Tunilla noted that the controller has not been produced for almost a decade and recommended that users replace old devices with new models. Lemon also discovered that some Internet-connected devices from Econolite use the potentially vulnerable NTCIP protocol. A representative of Econolite confirmed that these devices are already outdated and all users should replace them with new models.
Experts recommend following best practices for network security and limiting access to critical equipment over the open Internet.
Source
A security researcher has discovered a vulnerability in a traffic light controller that could allow attackers to alter signals and create traffic jams. Andrew Lemon of Red Threat reported that he found a bug in the Intelight X-1 device, which allows anyone to get full control over traffic lights. The reason for this is that there is no authentication on the device's web interface that is accessible on the Internet.
Lemon was trying to reproduce a scenario where all the traffic lights at an intersection switch to green, as shown in the movies. However, a device called the Malfunction Management Unit prevents such situations. However, attackers can change the time parameters of traffic lights, which will lead to physical problems, such as traffic jams.
Lemon and his team found about 30 vulnerable Intelight devices accessible over the Internet. He reported the problem to Q-Free, which owns Intelight. However, instead of cooperating, Q-Free sent him a legal letter, claiming that the device analyzed by Lemon is no longer for sale, and his research may have violated the law on computer fraud.
The company also expressed concern that publishing the vulnerability could harm national security and lead to attacks on infrastructure. Lemon believes that the company is trying to silence him using legal threats.
Q-Free representative Trisha Tunilla noted that the controller has not been produced for almost a decade and recommended that users replace old devices with new models. Lemon also discovered that some Internet-connected devices from Econolite use the potentially vulnerable NTCIP protocol. A representative of Econolite confirmed that these devices are already outdated and all users should replace them with new models.
Experts recommend following best practices for network security and limiting access to critical equipment over the open Internet.
Source
