While city officials across the country continue to look to sensors and data to make smarter decisions, one researcher has tried to show that without proper security protections, smart cities could be crippled with the push of a key.
A year ago, Cesar Cerrudo, a security researcher and chief technology officer at IOActive Labs, demonstrated how unprotected traffic control sensors in cities across the globe could be vulnerable to attack by an intercept of the information from buildings or even by drones as far as 1,500 feet away.
Last Saturday, Cerrudo tested the same traffic sensors that he tested a year ago in San Francisco and found that the devices were still not encrypted like he recommended, according to a New York Times report. Cerrudo said he was increasingly uncovering similar problems in other products and systems incorporated into smart cities.
In addition to a lack of encryption, Cerrudo also discovered software bugs that leave the devices open to distributed denial of service attacks, which would enable hackers to overwhelm a network with requests until it collapses under the load.
Cerrudo also said he found ways to make traffic lights stay red or green, tweak electronic speed limit signs, or adjust ramp meters to send cars onto a freeway all at once.
To combat these issues, Cerrudo said municipal leaders had to think of cities as vast attack surfaces that require security protection just like a corportate network might. Through basic security measures like encryption, passwords and other authentication schemes, Cerrudo said municipalities could increase their responses to potential threats exponentially.
“When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated — that the systems can be easily hacked and there are security problems everywhere — that is when smart cities become dumb cities,” Cerrudo said.