Wireless mobile traffic lights are often used to secure construction sites when roads are partially blocked. Some day, when a pair of them was placed close to our home, I set off to explore how they are working. In this talk, I will describe how I used a cheap RTL-SDR together with GQRX, Inspectrum, and GNU Radio to reverse engineer the modulation and frame format of different types of wireless traffic lights. With some patience, I could also make some sense out of the bits. In particular, I was able to extract the signal state and display it in a web interface, mirroring the traffic light. A closer look at the frame format and the apparent absence of any authentication might leave one with a bit of a worrying impression regarding the security of those systems.
Speakers: Bastian Bloessl