Government Security News – (National) Highway traffic monitoring system has exploitable electronic flaw, says CERT. Systems that can track automotive traffic on roadways, providing speed and highway traffic behavior patterns has a flaw that could allow a skilled hacker to break in, according to the U.S. Industrial Control System Computer Emergency Readiness Team (ICS-CERT). A November 30 advisory issued by ICS-CERT said a specific system used by some municipal governments around the country has an authentication vulnerability that could allow unauthorized access. The advisory said Post Oak Bluetooth traffic systems that use Anonymous Wireless Address Matching (AWAM) were affected. AWAM systems detect vehicles that have Bluetooth — enabled networking devices aboard, including cellular phones, mobile GPS systems, telephone headsets, and in-vehicle navigation and hands-free systems. Each of those devices contains a unique electronic address that the AWAM system’s sensors can read as the device travels by on a roadway. An independent research group said ICS-CERT on November 30 identified an insufficient entropy vulnerability in authentication key generation in Post Oak’s AWAM Bluetooth Reader Traffic System. By impersonating the device, an attacker could obtain the credentials of the systems administrative users and potentially perform a Man-in-theMiddle (MitM) attack, intercepting communications within the organization. ICSCERT said Post Oak has validated the vulnerability and produced an updated firmware version that mitigates the potential opening. ICS-CERT said Post Oak said its products are deployed in the transportation sector, mainly in the U.S.
Ali Loney, on December 03, 2012