A year ago, Cessar Cerrudo, the CTO at IOActive Labs showed how the poorly secured traffic control system in the US cities can be hacked into and manipulated, much like what we’ve seen in movies like Die Hard 4 and Italian Job.
Such vulnerability is common to most countries, using sensor based traffic control measures. The system lacks basic security protections like authentication and data encryption.
A year later, on Wednesday, a security researcher, Cerrudo published a paper that outlines how globally, cities, even though are becoming increasingly smart, remain prone to cyber attacks due to underlying security problems.
“It’s a matter of time until someone launches an attack over some city infrastructure or system,” Cerrudo told Motherboard. “Of course it’s not something simple, but it’s possible.”
Through the report, Cerrudo explains how smart cities are evolving and essentially what makes them smart and then goes over to expose the potential chinks in the armour. And as is evident, there could be many.
He lists out a few security issues that could trigger a chaotic scenario:
- Lack of Cyber Security Testing
- Poor or Nonexistent Security
- Encryption Issues
- Lack of Computer Emergency Response Teams
- Large and Complex Attack Surfaces
- Patch Deployment Issues
- Insecure Legacy Systems
- Simple Bugs with Huge Impact
- Public Sector Issues
- Lack of Cyber Attack Emergency Plans
- Susceptibility to Denial of Service
- Technology Vendors Who Impede Security Research
“The current attack surface for cities is huge and wide open to attack. This is a real and immediate danger. The more technology a city uses, the more vulnerable to cyber attacks it is, so the smartest cities have the highest risks,” he wrote. Through the report Cerrudo also offered recommendations to reduce problems.
“When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated, that the systems can be easily hacked, and there are security problems everywhere, that is when smart cities become Dumb Cities,” he added.
The report can be downloaded here.