The Internet of Things is completely transforming the way we live, and we hear more and more about serious funding heading this way. Connected devices are not only consumer-oriented, in the form of toasters, cars and socks, but they’re also projected into plans for money and resource savings globally.
Because IoT allows faster connectivity, many cities invest heavily in IoT infrastructures to fully automate traffic control, parking, street lighting, public transportation, energy management, water and waste management and security, IOActive found.
IoT sensors could automatically detect weather conditions, pollution levels and seismic risks and will deliver real-time data for engineers to build applications to improve city life. These are only some of the technologies countries such as Saudi Arabia or South Africa have invested billions in, while Barcelona has been recognized as the smartest city in the world.
But automated machines can also malfunction, and this hasn’t been properly addressed by project initiators or engineers. An ongoing issue is that local governments are so excited about the possibility of running a smart city that they have forgotten to double check security standards. Such an event led to installing “about 200,000 vulnerable traffic control sensors in important cities around the world such as Washington DC, New York, Seattle, San Francisco, London, Lyon, and Melbourne.”
“Vendors claim to have obscure, nonexistent security features, with no documentation, which is only described in a sales pitch,” say IOActive Labs. “We continue to see vendors with little or no experience in implementing security features; they lack skilled security people and don’t properly invest in improving security.”
Since vendors allow full access to users on a local network and implement weak or outdated encryption, the system can easily be hacked. Using insecure products that lack proper endpoint protection will only backfire in the long run.
This vulnerability can affect not only a family whose toaster runs on outdated software, but a hacked weather sensor could have greater consequences for businesses, government organizations and even residents of the affected area.