Security Flaws In Smart City Technology

Uploaded on 2018-09-27 in TECHNOLOGY--Developments, NEWS-News Analysis, GOVERNMENT-Local, FREE TO VIEW, TECHNOLOGY-Key Areas-Internet of Things

The “smart city” sounds like a digital utopia, a place where data eliminates first-world hassles, dangers and injustices. But there are some problems with smart cities. Smart-city technology continues to roll out in municipalities worldwide, everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. 

However, like the rest of the Internet of Things (IoT) ecosystem, security is always a concern. Researchers at IBM and Threatcare have found vulnerabilities in smart city devices, which are used for everything from traffic monitoring to radiation detection. 

This means hackers could potentially hijack the devices, either to create panic or to prevent the devices from detecting when a real emergency exists, says Daniel Crowley, research director at IBM X-Force Red, a security-testing unit.

“Attackers could manipulate water level sensor responses to report flooding in an area where there is none, creating panic, evacuations and destabilization,” Crowley said, adding that the same could be true for radiation monitors at nuclear power plants and similar critical infrastructure. 

“Conversely, attackers could silence flood sensors to prevent warning of an actual flood event, or other catastrophes…”. “I think the danger is that when you’re relying upon sensor data for safety reasons, and that sensor data can be corrupted” continues Crowley.

The researchers say they found a total of 17 vulnerabilities across systems used in smart-city technology. To test the systems, the researchers began by dissecting firmware they were able to obtain online, then later acquired some of the systems after spotting potential vulnerabilities, says Jennifer Savage, a security researcher at Threatcare.

Some warnings systems have already been used by hackers, at least to cause mischief. Last year, a prankster set off emergency sirens across Dallas for more than 90 minutes, and hackers have previously hijacked TV emergency signals and tampered with digital road-warning signs.

The researchers advise agencies and companies implementing smart-sensor systems to restrict IP addresses permitted to connect to the devices and to safeguard passwords and digital keys used to gain access. They also recommended using standard security tools and hiring outside testers to verify that the systems are secure.

After all, unlike home-automation systems, people often have little direct control over what systems installed by their local governments could have an impact on their lives. “As smart cities become more common, the industry needs to re-examine the frameworks for these systems, to design and test them with security in mind from the start,” Crowley said.

I-HLS

You Might Also Read:

US City Of Atlanta Suffers An Attack:

Dubai: Internet City:

 

 

« Dubai: Internet City
Hackers Are Fighting A Surrogate Cold War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

LSEC

LSEC

LSEC is a not for profit organization that has the objective to promote Information Security and the expertise in BeNeLux and Europe.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

Technology Law Alliance (TLA)

Technology Law Alliance (TLA)

Technology Law Alliance is a specialist IT law firm focussed on the fields of technology, outsourcing and e-commerce.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

Enet 1 Group1

Enet 1 Group1

Enet 1 Group audits, assesses, recommends, and delivers tested solutions for the ever-increasing threats to your critical systems and digital assets

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.