Security Flaws In Smart City Technology

Uploaded on 2018-09-27 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW, TECHNOLOGY-Key Areas-Internet of Things

The “smart city” sounds like a digital utopia, a place where data eliminates first-world hassles, dangers and injustices. But there are some problems with smart cities. Smart-city technology continues to roll out in municipalities worldwide, everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. 

However, like the rest of the Internet of Things (IoT) ecosystem, security is always a concern. Researchers at IBM and Threatcare have found vulnerabilities in smart city devices, which are used for everything from traffic monitoring to radiation detection. 

This means hackers could potentially hijack the devices, either to create panic or to prevent the devices from detecting when a real emergency exists, says Daniel Crowley, research director at IBM X-Force Red, a security-testing unit.

“Attackers could manipulate water level sensor responses to report flooding in an area where there is none, creating panic, evacuations and destabilization,” Crowley said, adding that the same could be true for radiation monitors at nuclear power plants and similar critical infrastructure. 

“Conversely, attackers could silence flood sensors to prevent warning of an actual flood event, or other catastrophes…”. “I think the danger is that when you’re relying upon sensor data for safety reasons, and that sensor data can be corrupted” continues Crowley.

The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology. To test the systems, the researchers began by dissecting firmware they were able to obtain online, then later acquired some of the systems after spotting potential vulnerabilities, says Jennifer Savage, a security researcher at Threatcare.

Some warnings systems have already been used by hackers, at least to cause mischief. Last year, a prankster set off emergency sirens across Dallas for more than 90 minutes, and hackers have previously hijacked TV emergency signals and tampered with digital road-warning signs.

The researchers advise agencies and companies implementing smart-sensor systems to restrict IP addresses permitted to connect to the devices and to safeguard passwords and digital keys used to gain access. They also recommended using standard security tools and hiring outside testers to verify that the systems are secure.

After all, unlike home-automation systems, people often have little direct control over what systems installed by their local governments could have an impact on their lives. “As smart cities become more common, the industry needs to re-examine the frameworks for these systems, to design and test them with security in mind from the start,” Crowley said.

I-HLS

You Might Also Read:

US City Of Atlanta Suffers An Attack:

Dubai: Internet City:

 

 

« Dubai: Internet City
Hackers Are Fighting A Surrogate Cold War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

Trusted Objects

Trusted Objects

Trusted Object's mission is to provide state of the art security solutions and services enabling a strong root of trust for the IoT ecosystem.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

Citalid

Citalid

The Citalid cyber risk management platform combines threat and business intelligence to identify the risks scenarios you face.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Scalarr

Scalarr

Scalarr is an innovative, next-generation cyber security firm focused on automation and AI to detect and prevent threats in mobile and Edge/IoT infrastructures.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.

Offenso Hackers Academy

Offenso Hackers Academy

At Offenso we focus on cyber security training focused on producing cyber security professionals with a wide range of abilities to counter threats from the internet and cloud to a business.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.

Atumcell

Atumcell

Atumcell’s targeted risk assessment exposes emerging threats before they cause harm.