Not only has the 21st century introduced a whole new way thinking about the world, it has forced people living in big cities to change their collective mindset. The rise of “smart cities,” complete with their various types of electronic data collection sensors and information-gathering resources, has dramatically altered the attack vector on the people living within. But as these new, eco-conscious urban areas continue to offer more and more convenience through amenities like free, public WiFi, automated systems, and connectivity of all kinds, it is becoming increasingly clear that these luxuries comes at a price—namely, our cyber safety.
With an estimated global spending of $80 billion this year alone, the push to expand smart cities has only accelerated, with no indication of slowing down. Researchers at both IBM and Threatcare have released recent studies exposing these growing vulnerabilities. The report states, “If someone, supervillain or not, were to abuse vulnerabilities like the ones we documented in smart city systems, the effects could range from inconvenient to catastrophic. Left unpatched, these vulnerabilities could allow hackers to gain access to sensors and manipulate data.”
Smart cities like Barcelona, Spain and Nice, France are littered with electronic sensors monitoring everything from roadway traffic to the sprinklers in public parks, anything that makes the environment safer and more enjoyable for citizens. But these luxuries are also offering cybercriminals a way to access systems they shouldn’t be. Daniel Crowley, IBM’s representative explains, “The effects of vulnerable smart city devices are no laughing matter, and security around these sensors and controls must be a lot more stringent. Attackers could manipulate water level sensor responses to report flooding in an area where there is none—creating panic, evacuations, and destabilization. Controlling additional systems could enable an attacker to set off a string of building alarms or trigger gunshot sounds on audio sensors across town, further fueling panic. Pick your favorite crime action movie from the last few years, and there’s a good chance that some hacker magically controls traffic signals and reroutes vehicles.”
These automated systems can be hijacked by cybercriminals if certain security measures and defensive systems are not properly developed and implemented in smart cities. Developers would be wise to create an infrastructure with a built-in way to update all firm/software related to their automation. Just like a full-on software in a PC, automated systems in cities like this are embedded in the now omnipresent Internet of Things (IoT)—which are essentially computers— and new vulnerabilities are being discovered all the time.
If vendors were to stop producing devices with a hardcoded administrator account for smart cities, let alone getting rid of backdoor accounts for maintenance purposes, things would improve considerably. Admin accounts should be given the ability to change passwords regularly for better security. Further, employing a two-factor authentication to the device would make combating unauthorized access, whether local or remote, much easier.
According the IBM study, “As smart cities grow, city leaders and smart city vendors need to prioritize security by re-examining the vendors’ security protocols, building proper frameworks for these systems, and developing standard best practices for patching security flaws.” Vulnerabilities are not exclusive to smart cities, as technology-driven municipalities also use automated systems for things like farming which use “smart” irrigation systems.
Ben Nassis of Ben-Gurion University has mentioned the impact of a vulnerable farming automation system, “By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty ﬂood water reservoir overnight. Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers.”