VIEW 
THE APPS

News

Previous | Next

Media coverage of bicyclist-manipulated traffic lights on NOS.nl (and other outlets)

06 August 2020

It is important to note the distinction between the hacked apps and the traffic lights to which these were connected (i.e. conventional traffic light platforms) on the one hand, and the hundreds of intelligent traffic lights throughout the country that fall under the Talking Traffic partnership (i.e. the Ministry of Infrastructure and Water Management, local authorities, and some 20 companies in the private sector) and the apps it makes use of in a coordinated manner, on the other. It should be emphasised that the latter were not hacked.

The 1200 smart traffic lights as mentioned in the media are part of the Talking Traffic data chain.

  • A series of technical and organisational security measures has been built into the Talking Traffic data chain, each of which is tested periodically in terms of reliability (audits and pen tests). This includes the installation of various monitoring functions between apps and traffic lights. This matter has had, and continues to have, our full attention.
  • The manipulation involved two apps and traffic lights that were not part of the aforementioned data chain and had no such built-in monitoring functions or preventive measures: 2 suppliers and some municipalities took the initiative of allowing the unapproved apps to connect to their (conventional) traffic light platforms.

Context:

  • Various parties (including municipalities, provinces, Rijkswaterstaat and the Ministry of Infrastructure and the Environment) are working together, as part of the Talking Traffic chain, on the development of e.g. intelligent traffic control systems.
  • Intelligent traffic lights are traffic lights that are able to communicate with “connected” road users via the “cloud” for the purpose of anticipating current traffic volume.
  • This makes it possible to give certain road users, e.g. bicyclists and emergency services, priority over other traffic.
  • Very strict safety, usage, and monitoring requirements apply to the Talking Traffic chain.
  • These requirements are periodically audited and put through pen tests in the interest of keeping up quality, safety and security.
  • Ethical hackers recently discovered it to be possible to manipulate certain non-certified apps linked to conventional traffic lights that are not part of the Talking Traffic chain.
  • Two suppliers and some municipalities took the initiative of allowing the unapproved apps to connect to their (conventional) traffic light platforms.
  • Those apps have been disconnected in the meantime, and the suppliers in question have promised to take measures in order to provide a better product in the near future.
  • The hacks did not result in any dangerous situations, by the way. No green light conflicts were reported, i.e. multiple traffic lights for the various directions that come together at an intersection all turning green at once; this was never an issue.
  • And for the sake of completeness: even if a hacker would like to pretend to be thousands of cyclists from different directions at the same intersection, they can request priority, but they