Systems that can track auto traffic on roadways, providing speed and highway traffic behavior patterns, have a flaw that could allow a skilled hacker to break in.
Post Oak Bluetooth traffic systems that use Anonymous Wireless Address Matching (AWAM) suffer from a vulnerability, according to ICS-CERT.
AWAM systems detect vehicles that have Bluetooth-enabled networking devices aboard, including cellular phones, mobile GPS systems, telephone headsets, and in-vehicle navigation and hands-free systems. Each of those devices contains a unique electronic address the AWAM system can read as the device travels by on a roadway.
Some municipal governments and transportation departments use AWAM systems as an alternative to EZ-Pass RFID tags to watch for traffic jams and other traffic disruptions by measuring highway speeds and travel times.
An independent research group identified an insufficient-entropy vulnerability in authentication key generation in Post Oak’s AWAM Bluetooth Reader Traffic System, according to the report on ICS-CERT.
By impersonating the device, an attacker could obtain the credentials of the system’s administrative users and potentially perform a Man-in-the-Middle attack, intercepting communications within the organization.
Post Oak validated the vulnerability and produced an updated firmware version that mitigates the potential opening. Post Oak’s products are mainly in the transportation sector in the U.S.
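Why insufficient entropy in key generation makes a device impersonable, shown as an added example that is not from the ICS-CERT report or Post Oak's firmware: a key drawn from a small seed space repeats across devices, and a fleet audit can flag readers that share one. The seeding scheme, reader names, key length and function names are constructed assumptions; the page does not describe how the affected firmware generated its keys.

```python
import hashlib
import random
import secrets
from collections import defaultdict

KEY_BYTES = 32  # assumed key length for the illustration


def weak_keygen(seed: int) -> bytes:
    """Constructed 'before' case: key drawn from a PRNG seeded with a small,
    guessable value (here, seconds since boot). Not Post Oak's actual code."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_keygen() -> bytes:
    """Hardened form: key material taken from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(key: bytes) -> str:
    """Short SHA-256 fingerprint used to compare keys without printing them."""
    return hashlib.sha256(key).hexdigest()[:16]


def shared_keys(inventory):
    """Fleet audit: map fingerprint -> reader names for every key that more
    than one reader holds. Any hit means key generation lacked entropy."""
    groups = defaultdict(list)
    for name, key in inventory.items():
        groups[fingerprint(key)].append(name)
    return {fp: sorted(n) for fp, n in groups.items() if len(n) > 1}


# Constructed inventory: readers that generated keys 11-13 s after boot.
WEAK_FLEET = {
    "reader-A": weak_keygen(11),
    "reader-B": weak_keygen(12),
    "reader-C": weak_keygen(11),
    "reader-D": weak_keygen(13),
}
STRONG_FLEET = {name: strong_keygen() for name in WEAK_FLEET}

if __name__ == "__main__":
    print("weak fleet, shared keys:  ", shared_keys(WEAK_FLEET))
    print("strong fleet, shared keys:", shared_keys(STRONG_FLEET))
```

In the weak fleet the key is 32 bytes long but carries only as much entropy as the seed, so two readers that happen to use the same seed end up with the same authentication key.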