Connected vehicle (CV) technology enables data exchange between vehicles and transportation infrastructure and therefore has great potentials to improve current traffic signal control systems. However, this connectivity might also bring cyber security concerns. As the first step in investigating the cyber security of CV-based traffic signal control (CV-TSC) systems, potential cyber threats need to be identified and corresponding impact needs to be evaluated. In this paper, we aim to evaluate the impact of cyber attacks on CV-TSC systems by considering a realistic attack scenario in which the control logic of a CV-TSC system is unavailable to attackers. Our threat model presumes that an attacker may learn the control logic using a surrogate model. Based on the surrogate model, the attacker may launch falsified data attacks to influence signal control decisions. In the case study, we realistically evaluate the impact of falsified data attacks on an existing CV-TSC system (i.e., I-SIG).