24. Traffic Light Manipulation: Discovering the Vulnerabilities within SCADA and Industrial Control Systems

Abstract

It has become increasingly obvious throughout their prolonged use in history that traffic lights are a development that will remain practical for years to come, yet the technology — and more importantly, the security — surrounding these everyday systems has come to a grinding halt over recent years. The scope of this research is to examine and exploit traffic signals within a controlled environment to demonstrate the lackluster security within the Modbus/TCP protocol as well as within Human-Machine Interfaces (HMIs) to represent how attackers could potentially manipulate Industrial Control Systems (ICS). This research utilizes the CybatiWorks™ Traffic Control System in conjunction with a Raspberry Pi 3 to simulate a real-world traffic system utilizing both the Modbus protocol combined with a HMI to enforce traffic signal changes, allowing for an accurate simulation of how an attacker with access to said HMI or conducting buffer-overflow attacks on the Modbus protocol can manipulate the traffic signals to their desired outcome. Overall, this should represent the dire necessity for a total revamp of both the network structures and protocols utilized within industrial control systems to ensure the safety of those depending on these systems while maintaining the intentions of those who developed these technologies.