All new cars are equipped with "Connected Vehicle" signaling technology, which allows them to send messages to other cars and to traffic lights and other fixed road infrastructure to help improve road signaling and, eventually, guide self-driving cars.
Last month, a U Michigan team presented a paper about a vulnerability in this system that would allow a single vehicle to enter an intersection and send malicious telemetry that would slow down the intersection indefinitely, by filing false reports of a stream of imaginary cars.
The researchers propose a scenario where malware in cars is used to effect a distributed attack on the road signaling across a whole city.
"The spoofed trajectory data from one single attack vehicle is able to increase the total delay by as high as 68.1%, which completely reverses the benefit of using the I-SIG system (26.6% decrease) and cause the mobility to be even 23.4% worse than that without using the I-SIG system," researchers say.
According to simulated traffic models, the Michigan team says that a fifth of all cars that enter an intersection took seven minutes to traverse the traffic junction that would have normally taken only half a minute.
"Based on our analysis, even though the I-SIG system has shown high effectiveness in reducing traffic delay in benign settings, the current algorithm design and configuration choices are highly vulnerable to data spoofing, and even the data from one single attack vehicle is able to manipulate the traffic control to a great extent, causing massive congestion," researchers say.
Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control [Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao and Henry X. Liu/NDSS 2018]
One Single Malicious Vehicle Can Block "Smart" Street Intersections in the US [Catalin Cimpanu/Bleeping Computer]