The adoption of smart technology to power city services could leave urban areas "wide open" to being hacked on a mass scale, according to a cybersecurity expert with history of exposing citywide vulnerabilities.
Last year, Argentine Cesar Cerrudo demonstrated how hackers could bring metropolitan areas to a halt by overriding traffic control sensors, yet 12 months later the same system in San Francisco has still not been encrypted. According to the New York Times, Cerrudo is increasingly uncovering flaws in so-called 'smart cities', with software bugs and, in some cases, a complete lack of protection leaving vital services open to attack.
As well as DDoS attacks, in which networks are collapsed by an overload of requests, Cerrudo claims it would be possible for a hacker to freeze red or green lights, tweak speed limit signs, and exploit ramp meters to send cars onto the freeway simultaneously. Other services that could be vulnerable in smart cities include the power grid and the water supply.
Cerrudo claims that the attack surface for cities adopting smart technology is huge and, as noted by The Register, made difficult to defend against by the demands of the technology industry.
“Technology vendors impede security research," claims Cerrudo in a new report (PDF). "New systems and devices used by smart cities are difficult to acquire by the security research community – most are expensive and are usually only sold to governments or specific companies, making it difficult for systems to be rigorously tested."
The issue of smart tech vulnerability is becoming increasingly recognized as a real and pressing danger. Just last week, a UK government advisor found that UK train services could potentially be hijacked and crashed via a new computerized signaling system currently on trial.
