They're exaggerating to say that these hacks are real. They certainly aren't real in the way they portray them in the game, by just pointing at something and knowing instantly what can be hacked on the device and then pressing a single button to actually do the hack.
But even without that, most of the "real life" versions of these hacks aren't nearly so useful as in the game.
The game even invented fake operating systems and security systems so that they could have what the game needed to be able to hack them. And they were all internet connected, of course. Unlike real security systems. (I'll grant that a lot of home security systems are on the internet, but corporate offices? No.)
I mean there is also the conceit that there is a black hat movement (e.g. dedsec) backing the main character composed of a few hundred people writing exploits, etc. Which is of course a bit of superhero-esque fiction. But the point is if Anonymous was organized and a bit more radicalized, it would be possible to write hacks like this.
For example if instead of presenting at conferences the exploit writers shared them with other people who weaponized them and hooked them up to a proprietary toolkit to act at the push of a button. Supported by a team of people who managed an OS that provided these features. Supported by a team of people who managed and maintained exploits into various networks.
In the game dedsec is a terrorist organization, with hundreds of cells, all cooperating and sharing exploits, source code, 3d printing designs, botnets, etc. internally. There are missions where you build a new tool for their OS by working with multiple cells. Getting the prototype code, testing it, giving it to a another cell to integrate, and then having it.
The point is with devoted manpower of that degree, and with common purpose, this could actually happen, even if it's super unlikely, like many non-magical superhero movies.
Conceptually, any sufficiently motivated and well funded organization could do already be doing this. Whether that's nation state actors, organized crime syndicates, model railway enthusiasts, etc.
I wouldn't be so quick to offer that conclusion. I've been to several "corporate/fortune 150+" and "commercial/satellite" offices that use "cloud-based" physical security products.
You actually do manage the users and credentials (and everything else) through the vendors website. The security system also periodically connects to the same website and downloads any updates that it needs to apply to itself.
The building engineers and physical security guys are typically not educated/savvy enough to know to avoid these systems, so they _do_ get installed in many surprising places.
The hack for causing accidents by hacking traffic lights wouldn't work because they are physically incabable of giving green lights to the wrong combinations.
My understanding has it that it's a comparatively simple piece of hardware, and isn't networked. It certainly ever happens that they're wired up wrong, but aren't something you can remotely hack.
Well, this could help you detect malfunctioning/hacked unit. But I doubt it's installed on every traffic light.
AFAIK the traffic lights are controlled by PLCs which can be easily reprogrammed if you gain access to them.
On the other hand, I've had an assignment a few weeks ago to make a circuit to control some traffic lights for crosswalk, and I'm pretty sure it was simple enough that the only way to hack it was to have direct access to it with a soldering iron.
It's my understanding that it is quite specifically installed on every traffic light (in the sense that it's both the purpose of the device and that it's legally required). Note that this does not control the lights, it simply monitors and switches to flashing-yellow (until a manual reset) if there's an error.
It's explained under section "2.4 Malfunction Management Unit" from the study linked immediately under the Traffic Control Exploit of the article. Sorry if I sound like a curmudgeon, I don't know how else to put it.
I heard it during a talk at RSA a few years back. The explanation was that it is a physical switch, so only certain combinations can be green at the same time.
Yes ... our lives will get a lot more "interesting" as the script kiddies figure out how to disrupt physical infrastructure. Most of the state actors aren't interested in crashing these systems (at least for now - that could change with the appropriate war). Instead, there's a profit motive in electronic espionage. When this knowledge is acquired by those that just want to break things, we'll find life a bit harder.
I do think a lot of the "comfort" that we have now is security through obscurity, i.e. lack of motive or passion. Ignoring the discussion of who actually was behind the targeting of the Clinton campaign, it's clear that all it took to make a massive impact is a batch script and very limited social engineering: http://motherboard.vice.com/read/how-hackers-broke-into-john...
That reminds me of another point ... we're getting used to seeing breaches that expose personal data, credentials, etc. But what other kinds of "data disasters" might come about through mass breaches similar to the MongoDB story on the front page yesterday. It seems inevitable that there will be confidential and/or proprietary data in some of these breaches that won't lead to identity theft but will lead to embarrassment or have financial ramifications.
But even without that, most of the "real life" versions of these hacks aren't nearly so useful as in the game.
The game even invented fake operating systems and security systems so that they could have what the game needed to be able to hack them. And they were all internet connected, of course. Unlike real security systems. (I'll grant that a lot of home security systems are on the internet, but corporate offices? No.)