by hunter2_ 703 days ago
> for any traffic controller you happen to find on a network

But how would one get on such "a network" in the first place? I assume it would involve physically opening a (hopefully locked) cabinet in public near the road? So just a bit of cutting/picking reveals an ethernet port, you drop in a wireless bridge, close it back up, and then hack from a parked car?


Well, the "locked" cabinet generally uses the same key everywhere in North America, which isn't a great start :)

A number of agencies put these controllers directly on the Internet (a search on Shodan for some telltale strings produces concerning numbers of hits).

Others will use one giant flat network across their entire city - so if you get access at one location, you have access to the entire network. This could mean accessing a "rural" or quiet location, but then actually attacking a much busier one.

Every “genie” lift has the same key.

Most “skyjacks” have the same key, there are maybe 3 iterations.

Tractors have a lot of similar if not the same keys.

RV handle locks (not padlocks) have about 8 different combinations - they are color coded. E.g. your RV has the purple or green key.

Dead bolts are unique.

Every single RV storage lock is the same, if you have an RV look at the storage lock and if it says “CH751”, well now you know :)
I am aware of a municipality local to me that, as part of a franchise agreement for a new ISP entering the community, had the ISP run fiber to every traffic cabinet. They're connected back to the city network in a VLAN that's "behind the firewall". >sigh<
Because of course a controller for a traffic light needs gigabit fiber internet connectivity....
That’s not the scary thing here. Better to future-proof it.

Running presumably unencrypted SNMP over shared lines is sketchy.

Well to be fair a number of traffic lights now have cameras to monitor the intersection as well. Didn't consider that.
It was only 100Mbps service, per the agreement, but yeah... >smile<

They do have cameras at each intersection, as well as networked audio at many (for all the speakers hanging from light poles that blare annoying instrumental covers of old popular songs).

The issue is that legacy copper plant has a finite lifetime. Paper insulated lines are already mostly useless today. If you have to replace infrastructure you may as well select a more robust modern alternative.
Cameras are cheap these days, and with a decent fiber link, just install one for each crossing, feed the live streams back to the pig sty and whoops you suddenly have all you need for a comprehensive monitoring solution to track people. No matter if they're suspects or not.

The shit you saw on NCIS a decade ago and dismissed as "science fiction" is getting ever closer to reality.

Interesting, but I think the VLAN in your explanation is equivalent to the "network" I'm asking about. The V is mostly immaterial, I think.
The VLAN part is important.

"LAN" doesn't imply the same use of VLAN trunking or flat network architecture.

Traffic infra being on a VLAN behind the firewall implies a lot of trust in the traffic infra physical plant. You can harden against layer 2 vulnerabilities, but they're a whole 'nother can of worms and possible failure point.

It also implies the possibility of VLAN trunking being used inappropriately.

All the CCIEs I've learned from and trusted were very suspicious about extending the size and scope of LANs offsite through VLANs.