Many cities, perhaps your own, are taking steps to implement "smart" measures - measures that include intelligent traffic control, streetlight management, and even tracking bicycle use. However, a new report from IBM Security reveals concerns about how secure these measures are from hacking and malicious takeover.
The concern stems from rudimentary security features in smart technologies, and easily attainable tools that locate exposed devices. The consequences of a compromised system could be extensive; uncontrolled traffic intersections, law enforcement chasing false alarms, and dangerous situations for public workers. And worst of all - public panic - which would only serve to exacerbate the problem. Earlier this year IBM and Threatcare discovered 17 critical vulnerabilities in smart city sensors and controls used around the world. Simply put, an unauthorized operator on a smart city system can easily cause extensive chaos and damage, even if their actions are simply for "fun".
But where are these vulnerabilities? Most commonly they're default passwords, authentication bypass, and SQL injection. Some devices don't even require a password reset on installation. Researchers found it incredibly easy to locate information within a system regarding the location of installed devices, what they did, and information on what safeguards they had come from the factory with.
Part of the trouble is that many of these devices are installed on legacy systems, which don't have the capability to run state of the art security measures, or have been put online without a thorough review of their security suites by a person qualified to do so. There is no easy way to bring every last system within a system up to snuff - doing so requires incredible expenditures which many city coffers don't support. Or, backlash from the public that may not fully understand the situation may dissuade city councils from approving upgrade projects.
While smart city device manufacturers has a responsibility to produce and support devices with current and best security practices, ultimately the onus falls on cities to ensure that they have established a solid and reliable network security plan and select products that complement it as they work towards integrating technology into the public sector.