The smart city is an alluring vision of the future, in which civic technology such as traffic lights, smart meters for utilities and public transport could all be connected and feed back invaluable data online. Glasgow has spent £24m installing technology such as smart street lights that brighten for pedestrians and cyclists, and traffic-tracking sensors in roads, while Bristol is collecting data on everything from health to pollution and interpreting it via a “city operating system”. While those cities may be streets ahead of others, most urban areas have some smart features. Yet a leading internet security researcher has warned that the smart cities of the future could be more vulnerable to hackers than the computers and smartphones of today.
Cesar Cerrudo, chief technology officer at security research firm IOActive Labs, warned that city authorities and governments that are the customers of technology firms aren’t testing the security of the systems they buy. “They do a lot of tests for functionality on the system and devices, but they don’t do any security testing. So, basically, they are trusting the vendors,” he said.
Speaking at the RSA security conference in San Francisco in April, Cerrudo said many firms selling smart systems were failing to build in effective security, such as encryption – a significant problem when so many services transmitted their data wirelessly. “All the data goes over the air. If you don’t have a good encryption, anyone can capture the data over the air and compromise security,” he said. For example, he revealed that the 200,000 traffic control sensors installed around the world, from Melbourne to London, were vulnerable to attack from hackers. Sean Sullivan, a security analyst at F-Secure, said: “Smart cities can provide planning departments a lot of very value information for better city living – but it could also be a big vector for fraud unless properly secured. He agreed that smart cities are “highly hackable” but predicted that we are more likely to see pranks – such as fiddling with highway signs or one-day outages on transport systems that cause chaos – than large-scale attacks. Sullivan pointed to a smart power meter hack investigated by the FBI that could be costing utility firms millions by letting tech-savvy users reprogramme the meter and get energy for free. James Lyne, global head of security research at Sophos, said that some systems have relied on security through obscurity.
0 comments:
Post a Comment