April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Highway traffic monitoring system has exploitable electronic flaw, says CERT

Systems that can track automotive traffic on roadways, providing speed and highway traffic behavior patterns, have a flaw that could allow a skilled hacker to break in, according to the U.S. Industrial Control System Computer Emergency Readiness Team. (ICS-CERT)

A Nov. 30 advisory issued by CERT said a specific system used by some municipal governments around the country has an authentication vulnerability that could allow unauthorized access. The advisory said Post Oak Bluetooth traffic systems that use Anonymous Wireless Address Matching (AWAM) were affected.

AWAM systems detect vehicles that have Bluetooth-enabled networking devices aboard, including cellular phones, mobile GPS systems, telephone headsets, and in-vehicle navigation and hands-free systems. Each of those devices contains a unique electronic address that the AWAM system’s sensors can read as the device travels by on a roadway. The addresses aren’t tied to the users, so the tracking information can be used to track people, however.  

The AWAM systems are used as an alternative by some municipal governments and transportation departments to EZ-Pass RFID tags to watch for traffic jams and other traffic disruptions by measuring highway speeds and travel times.

An independent research group, said CERT on Nov. 30, identified an insufficient entropy vulnerability in authentication key generation in Post Oak’s AWAM Bluetooth Reader Traffic System. By impersonating the device, said CERT, an attacker could obtain the credentials of the systems administrative users and potentially perform a Man-in-the-Middle (MitM) attack, intercepting communications within the organization.

CERT said Post Oak has validated the vulnerability and produced an updated firmware version that mitigates the potential opening. CERT said Post Oak told it its products are deployed in the transportation sector, mainly in the U.S.


Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...