Security Flaws In Smart City Technology

The “smart city” sounds like a digital utopia, a place where data eliminates first-world hassles, dangers and injustices. But there are some problems with smart cities. Smart-city technology continues to roll out in municipalities worldwide, everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. 

However, like the rest of the Internet of Things (IoT) ecosystem, security is always a concern. Researchers at IBM and Threatcare have found vulnerabilities in smart city devices, which are used for everything from traffic monitoring to radiation detection. 

This means hackers could potentially hijack the devices, either to create panic or to prevent the devices from detecting when a real emergency exists, says Daniel Crowley, research director at IBM X-Force Red, a security-testing unit.

“Attackers could manipulate water level sensor responses to report flooding in an area where there is none, creating panic, evacuations and destabilization,” Crowley said, adding that the same could be true for radiation monitors at nuclear power plants and similar critical infrastructure. 

“Conversely, attackers could silence flood sensors to prevent warning of an actual flood event, or other catastrophes…”. “I think the danger is that when you’re relying upon sensor data for safety reasons, and that sensor data can be corrupted” continues Crowley.

The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology. To test the systems, the researchers began by dissecting firmware they were able to obtain online, then later acquired some of the systems after spotting potential vulnerabilities, says Jennifer Savage, a security researcher at Threatcare.

Some warnings systems have already been used by hackers, at least to cause mischief. Last year, a prankster set off emergency sirens across Dallas for more than 90 minutes, and hackers have previously hijacked TV emergency signals and tampered with digital road-warning signs.

The researchers advise agencies and companies implementing smart-sensor systems to restrict IP addresses permitted to connect to the devices and to safeguard passwords and digital keys used to gain access. They also recommended using standard security tools and hiring outside testers to verify that the systems are secure.

After all, unlike home-automation systems, people often have little direct control over what systems installed by their local governments could have an impact on their lives. “As smart cities become more common, the industry needs to re-examine the frameworks for these systems, to design and test them with security in mind from the start,” Crowley said.

I-HLS

You Might Also Read:

US City Of Atlanta Suffers An Attack:

Dubai: Internet City:

 

 

« Dubai: Internet City
Hackers Are Fighting A Surrogate Cold War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Parasoft

Parasoft

Parasoft is an independent software testing and software quality assurance tool and solution vendor.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

TestArmy

TestArmy

TestArmy CyberForces provide you with a broad spectrum of cybersecurity services to test every aspect of your IT infrastructure security and software development process.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Privasee

Privasee

Make GDPR compliance simple with Privasee. Our software makes it easy to protect your data and ensure you’re compliant with the new regulations.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

The Cyber Scheme

The Cyber Scheme

The Cyber Scheme provides NCSC certified and assured assessments, training and career support for security testers & technical cyber professionals.

Red Alpha Cybersecurity

Red Alpha Cybersecurity

At Red Alpha, we specialize in recruiting and rigorously training individuals passionate about cybersecurity.