It's a clever idea - create a network of traffic lights that communicate using radio data links. Unfortunately when thieves discovered that the lights used standard SIM cards the temptation proved too great.
If you are creating embedded code for a device then security isn't usually uppermost on your list of concerns but a news item from South Africa should make you pause to consider an aspect of security you might well overlook.
The clever administrators of the City of Johannesburg must have thought it was a really great idea when they decided to install traffic lights that communicated with the central control via a cellular modem - no wires needed for the data link and you only pay for what you use.
Cellular data links are an attractive option for any distributed embedded device be it a monitoring unit or a control device like the traffic lights. However, and you can probably guess what's coming, each cellular modem needed a SIM to make connection and the SIMs used were 100% standard mobile phone SIMs with standard accounts. When enterprising thieves learned that there were lots of poles with free SIM cards on top the result was inevitable. Unfortunately the thieves damaged the traffic light control units in the removal of the SIM card and now the city faces a large (R8.8 million) bill to replace all of the damaged lights.
The stolen SIM cards have now been blocked and the designers are trying to work out how to make the electronics less attractive to thieves.
The long term solution is probably to use custom SIM cards that don't fit let alone work in a standard phone. However, when designing embedded systems it is always going to be attractive to make use of existing off the shelf hardware - it's generally cheaper and doesn't involve any development process. Some measure of security would have been achieved if, say, the SIM was data-only or if it was locked down using digital security, but it's physical appearance might still have encouraged thieves to steal it.
With the growth of the "Internet of things" this is a problem that can only get worse.
Official Johannesburg website report
Discussion at the Schneier on Security blog