It's amazing where these defects show up. I think Morris was right with his three laws. I also believe this was an direct application of "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices." The same authors are responsible for the paper, the advisory and the proof of concept against the traffic system. http://www.csoonline.com/article/723229/traffic-sensor-flaw-that-could-allow... Mobile security involves more than just keeping one's personal devices secure from hacks or other exploits. Threats can also come from the technology government uses to track and manage traffic flow. The Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert last week over a vulnerability that it said impacts Post Oak Traffic AWAM Bluetooth Reader Systems. The system collects data from drivers who are using Bluetooth equipment, and uses it to calculate their speed and determine traffic conditions on a particular highway or road. The alert said "insufficient entropy," or insecure encryption, in those roadway sensors could allow an attacker to impersonate the device, "obtain the credentials of administrative users and potentially perform a Man-in-the-Middle attack." "This could allow the attacker to gain unauthorized access to the system and read information on the device, as well as inject data compromising the integrity of the data," the alert said. ... _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE