Stealing SIMs from Traffic Lights
Friday, 14 January 2011

It's a clever idea - create a network of traffic lights that communicate using radio data links. Unfortunately when thieves discovered that the lights used standard SIM cards the temptation proved too great.

Banner

 

If you are creating embedded code for a device then security isn't usually uppermost on your list of concerns but a news item from South Africa should make you pause to consider an aspect of security you might well overlook.

The clever administrators of the City of Johannesburg must have thought it was a really great idea when they decided to install traffic lights that communicated with the central control via a cellular modem - no wires needed for the data link and you only pay for what you use.

Cellular data links are an attractive option for any distributed embedded device be it a monitoring unit or a control device like the traffic lights. However, and you can probably guess what's coming, each cellular modem needed a SIM to make connection and the SIMs used were 100% standard mobile phone SIMs with standard accounts.  When enterprising thieves learned that there were lots of poles with free SIM cards on top the result was inevitable. Unfortunately the thieves damaged the traffic light control units in the removal of the SIM card and now the city faces a large (R8.8 million) bill to replace all of the damaged lights.

simcard

The stolen SIM cards have now been blocked and the designers are trying to work out how to make the electronics less attractive to thieves.

The long term solution is probably to use custom SIM cards that don't fit let alone work in a standard phone. However, when designing embedded systems it is always going to be attractive to make use of existing off the shelf hardware - it's generally cheaper and doesn't involve any development process. Some measure of security would have been achieved if, say, the SIM was data-only or if it was locked down using digital security, but it's physical appearance might still have encouraged thieves to steal it.

With the growth of the "Internet of things" this is a problem that can only get worse. 

More information

Official Johannesburg website report

Discussion at the Schneier on Security blog

 

Banner


GNU Emacs 24.4 Released
27/10/2014

The new version of the cross platform text editor widely used on Linux represents quite a big update and includes new functionality.



DukeScript - Java Everywhere Again?
06/10/2014

DukeScript is a Duke's Choice winner at JavaOne 2014 and it is another take on the Java dream of write once run anywhere. In this case the target is mobile and web apps. 


More News

Last Updated ( Friday, 14 January 2011 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.