Your one-stop web resource providing safety and security information to manufacturers

Systems that can track auto traffic on roadways, providing speed and highway traffic behavior patterns, have a flaw that could allow a skilled hacker to break in.

Post Oak Bluetooth traffic systems that use Anonymous Wireless Address Matching (AWAM) suffer from a vulnerability, according the ICS-CERT.

Photovoltaic System Holes Mitigated
ABB Patches Webserver Hole
Hole Exists; Wrong Vendor Selected
Patch Fixes C3-ilex Holes

AWAM systems detect vehicles that have Bluetooth-enabled networking devices aboard, including cellular phones, mobile GPS systems, telephone headsets, and in-vehicle navigation and hands-free systems. Each of those devices contains a unique electronic address the AWAM system can read as the device travels by on a roadway.

The AWAM systems are an alternative by some municipal governments and transportation departments to EZ-Pass RFID tags to watch for traffic jams and other traffic disruptions by measuring highway speeds and travel times.

Schneider Bold

An independent research group identified an insufficient entropy vulnerability in authentication key generation in Post Oak’s AWAM Bluetooth Reader Traffic System, according the report on ICS-CERT.

By impersonating the device, an attacker could obtain the credentials of the system’s administrative users and potentially perform a Man-in-the-Middle attack, intercepting communications within the organization.

Post Oak validated the vulnerability and produced an updated firmware version that mitigates the potential opening. Post Oak’s products are mainly in the transportation sector in the U.S.

Pin It on Pinterest

Share This