[cryptography] OT: Traffic sensor flaw that could allow driver tracking fixed

[Jeffrey Walton]

It's amazing where these defects show up. I think Morris was right
with his three laws.

I also believe this was an direct application of "Mining Your Ps and
Qs: Detection of Widespread Weak Keys in Network Devices." The same
authors are responsible for the paper, the advisory and the proof of
concept against the traffic system.

http://www.csoonline.com/article/723229/traffic-sensor-flaw-that-could-allow-driver-tracking-fixed

Mobile security involves more than just keeping one's personal devices
secure from hacks or other exploits. Threats can also come from the
technology government uses to track and manage traffic flow.

The Department of Homeland Security's (DHS) Industrial Control Systems
Cyber Emergency Response Team (ICS-CERT) issued an alert last week
over a vulnerability that it said impacts Post Oak Traffic AWAM
Bluetooth Reader Systems. The system collects data from drivers who
are using Bluetooth equipment, and uses it to calculate their speed
and determine traffic conditions on a particular highway or road.

The alert said "insufficient entropy," or insecure encryption, in
those roadway sensors could allow an attacker to impersonate the
device, "obtain the credentials of administrative users and
potentially perform a Man-in-the-Middle attack."

"This could allow the attacker to gain unauthorized access to the
system and read information on the device, as well as inject data
compromising the integrity of the data," the alert said.
...
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE