Post Oak Traffic Systems Enhances AWAM Reader Field Software Security
HOUSTON, TEXAS – December 3, 3012 – Post Oak Traffic Systems, Inc. has announced that enhancements have been completed to increase the security of its Anonymous Wireless Address Matching ™ Bluetooth Reader field software. As part of our continuous improvement process, this enhancement addresses a potential vulnerability that may have allowed skilled, unauthorized users to eavesdrop during a remote connection typically used only during the short time period of device configuration in the factory. This vulnerability did not apply during normal operation of the unit or during transmittal of traffic data from field to host. There were no known instances of breach that have occurred with any Post Oak Traffic powered system.
The potential security vulnerability and mitigation actions have been reported by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the US Department of Homeland Security. ICS-CERT works to improve the security posture of control systems critical to the nation’s infrastructure, including transportation systems. Post Oak Traffic Systems worked with ICS-CERT to identify and mitigate potential security issues which may have resulted under some networking configurations.
Although the nature of the traffic data being sent by the AWAM devices is relatively benign, particularly when the truncation and encryption feature is enabled, Post Oak staff acted quickly to address any security concerns that may have existed. All new AWAM devices will be shipped with firmware that addresses the concern. Customers can contact Post Oak Traffic Systems or their distributors to evaluate the necessity of patching existing devices.