Security Flaws In Smart City Technology

Uploaded on 2018-09-27 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW, TECHNOLOGY-Key Areas-Internet of Things

The “smart city” sounds like a digital utopia, a place where data eliminates first-world hassles, dangers and injustices. But there are some problems with smart cities. Smart-city technology continues to roll out in municipalities worldwide, everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. 

However, like the rest of the Internet of Things (IoT) ecosystem, security is always a concern. Researchers at IBM and Threatcare have found vulnerabilities in smart city devices, which are used for everything from traffic monitoring to radiation detection. 

This means hackers could potentially hijack the devices, either to create panic or to prevent the devices from detecting when a real emergency exists, says Daniel Crowley, research director at IBM X-Force Red, a security-testing unit.

“Attackers could manipulate water level sensor responses to report flooding in an area where there is none, creating panic, evacuations and destabilization,” Crowley said, adding that the same could be true for radiation monitors at nuclear power plants and similar critical infrastructure. 

“Conversely, attackers could silence flood sensors to prevent warning of an actual flood event, or other catastrophes…”. “I think the danger is that when you’re relying upon sensor data for safety reasons, and that sensor data can be corrupted” continues Crowley.

The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology. To test the systems, the researchers began by dissecting firmware they were able to obtain online, then later acquired some of the systems after spotting potential vulnerabilities, says Jennifer Savage, a security researcher at Threatcare.

Some warnings systems have already been used by hackers, at least to cause mischief. Last year, a prankster set off emergency sirens across Dallas for more than 90 minutes, and hackers have previously hijacked TV emergency signals and tampered with digital road-warning signs.

The researchers advise agencies and companies implementing smart-sensor systems to restrict IP addresses permitted to connect to the devices and to safeguard passwords and digital keys used to gain access. They also recommended using standard security tools and hiring outside testers to verify that the systems are secure.

After all, unlike home-automation systems, people often have little direct control over what systems installed by their local governments could have an impact on their lives. “As smart cities become more common, the industry needs to re-examine the frameworks for these systems, to design and test them with security in mind from the start,” Crowley said.

I-HLS

You Might Also Read:

US City Of Atlanta Suffers An Attack:

Dubai: Internet City:

 

 

« Dubai: Internet City
Hackers Are Fighting A Surrogate Cold War »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.

ETI-NET

ETI-NET

ETI-NET is the worldwide leader in managing critical data for industries that never stop.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.

Infodot Technologies

Infodot Technologies

Infodot Technologies specialize in a co-managed IT support and services approach, where businesses share their IT responsibilities with a skilled Managed IT Services Provider (MSP).

Ory Corp

Ory Corp

Ory's IAM/CIAM solutions are designed to empower businesses with the tools they need to protect their users, services and things, and maintain compliance.