Think the traffic lights in your town are secure? Think again.

Though hacking traffic light systems only seems to happen in action movies and heist flicks, a recent study from the University of Michigan’s Electrical Engineering and Computer Science Department has found that most traffic infrastructure systems have woefully poor internet security measures in place.

The study, titled “Green Lights Forever: Analyzing the Security of Traffic Infrastructure,” was recently featured in a Gizmodo article and has been making quite a few waves online, grabbing headlines everywhere from TIME to CNN. The level of attention being given to the study is not surprising: after all, U of M computer scientist J. Alex Halderman and his team hacked a traffic light system in an undisclosed Michigan town, from a simple laptop computer, with almost no difficulty at all.

So what are the vulnerabilities that Halderman and the Michigan team exploited to hack the system? Truthfully, they had their pick of the litter. Virtually every aspect of the traffic infrastructure system in question was insecure. Traffic controllers had neglected to encrypt the wireless internet connections running their city’s lights, had failed to secure the operating system debugging ports, and had even left default usernames and passwords intact.

In other words, there is nothing inherently  wrong traffic infrastructure systems that suggests that they have to be unsecured. Instead, as the U of M team discovered with their study, many traffic controllers are either clueless about internet security, or are not conscious of the threats posed by an easily hackable system.

Most of the problems here could be solved easily, just by changing default equipment settings. As the “Green Lights Forever” paper notes, the debug port is part of an operating system that is “left open for testing purposes,” but that should obviously be closed down and secured before the system is actually put into practical use. As for usernames and passwords, controllers could have changed them in 30 seconds.

Indeed, the reason that this U of M study has gotten attention is that traffic controllers were not vigilant in securing their systems, and as Gizmodo’s Adam Clark Estes noted in his article, that is a sizable concern in a world where everything is going online.