Security Flaws In Smart City Technology

The “smart city” sounds like a digital utopia, a place where data eliminates first-world hassles, dangers and injustices. But there are some problems with smart cities. Smart-city technology continues to roll out in municipalities worldwide, everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. 

However, like the rest of the Internet of Things (IoT) ecosystem, security is always a concern. Researchers at IBM and Threatcare have found vulnerabilities in smart city devices, which are used for everything from traffic monitoring to radiation detection. 

This means hackers could potentially hijack the devices, either to create panic or to prevent the devices from detecting when a real emergency exists, says Daniel Crowley, research director at IBM X-Force Red, a security-testing unit.

“Attackers could manipulate water level sensor responses to report flooding in an area where there is none, creating panic, evacuations and destabilization,” Crowley said, adding that the same could be true for radiation monitors at nuclear power plants and similar critical infrastructure. 

“Conversely, attackers could silence flood sensors to prevent warning of an actual flood event, or other catastrophes…”. “I think the danger is that when you’re relying upon sensor data for safety reasons, and that sensor data can be corrupted” continues Crowley.

The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology. To test the systems, the researchers began by dissecting firmware they were able to obtain online, then later acquired some of the systems after spotting potential vulnerabilities, says Jennifer Savage, a security researcher at Threatcare.

Some warnings systems have already been used by hackers, at least to cause mischief. Last year, a prankster set off emergency sirens across Dallas for more than 90 minutes, and hackers have previously hijacked TV emergency signals and tampered with digital road-warning signs.

The researchers advise agencies and companies implementing smart-sensor systems to restrict IP addresses permitted to connect to the devices and to safeguard passwords and digital keys used to gain access. They also recommended using standard security tools and hiring outside testers to verify that the systems are secure.

After all, unlike home-automation systems, people often have little direct control over what systems installed by their local governments could have an impact on their lives. “As smart cities become more common, the industry needs to re-examine the frameworks for these systems, to design and test them with security in mind from the start,” Crowley said.

I-HLS

You Might Also Read:

US City Of Atlanta Suffers An Attack:

Dubai: Internet City:

 

 

« Dubai: Internet City
Hackers Are Fighting A Surrogate Cold War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

WhiteHat Security

WhiteHat Security

WhiteHat’s products enable customers to “Hack Yourself First” so that they gain a greater understanding of the actual risk to their business.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

ByteLife Solutions

ByteLife Solutions

ByteLife Solutions specialises in the provision of IT infrastructure services and solutions, including cybersecurity.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Pragma Strategy

Pragma Strategy

Pragma is a CREST approved global provider of cybersecurity solutions. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.