The Internet of Things sometimes seems ripe for catastrophe. An Argentinian researcher recently exposed a potential security problem for city traffic systems that could conceivably cause massive disruptions.
The problem was recently publicized by Cesar Cerrudo, the CTO of IOActive Research Labs, an international security firm headquartered in Parana, Argentina. Many traffic systems feature wireless sensors embedded in the road pavement that communicate with access points and repeaters that, in turn, communicate to system controllers. The controllers evaluate data from the sensors that can determine how to stagger traffic signal timing.
Cerrudo purchased an access point and a sensor from Sensys Networks. The devices are supposed to be available only to city departments, but Cerrudo convinced the company he needed them for a client.
Using his MacBook Air laptop, free Sensys Networks software, and a wireless "sniffer," he could view the 802.15.4 packet transmissions between the sensor and the access point he bought as well as the transmissions of various cities' in-ground sensors to their access points. Sensys didn't use any security software, such as encryption, when transmitting the data. As a result, Cerrrudo could see all the data from the sensors and, if he had wanted, change it. He could control the sensors to indicate there was a little vehicular traffic or a lot rolling over the streets.
He could also tell the sensors to transmit to other access points not in range, which would effectively transmit the information into oblivion. In addition to accessing the data while standing on the sidewalk relatively close to the sensors, Cerrudo also attached a transmitter to a drone and could pick up transmissions from more than 600 feet in the air.
To be clear, the sensors don't directly control traffic lights, but the lights use the data from the sensors. That means a hacker wanting to have some fun, a bank robber, or a terrorist could try to back up traffic so police and ambulances would have a tough time getting through. Lights could be forced to turn green to let the bad guys get away from whatever maliciousness they had been doing.
Why didn't Sensys include security software in a traffic system that even a 12-year-old might think would be fun to hack so that cars jammed up? Cerrudo contacted both Sensys and the Department of Homeland Security's Industrial Control Systems Cyber Emerging Response Team (ICS-CERT), which "works to reduce risks within and across all critical infrastructure sectors…"
I was told by ICS-CERT that the vendor said they didn't think the issues were critical, not even important. For instance, regarding one of the vulnerabilities, the vendor said that since the device were designed that way (insecure) on purpose, they were working as designed, and that customers (state/city governments) wanted the device to work that way (insecure) -- so there wasn't any security issue…
Another excuse the vendor provided is that because the device[s] don't control traffic lights, there is no need for security. This is crazy, because while the device[s] don't directly control traffic control systems, they have a direct influence on the actions and decisions of these systems.
Sensys claimed that its newer sensors include the Advanced Encryption Standard (AES). However, about 50,000 sensors are installed around the world, in about 40 major US cities such as New York, Los Angeles, and Washington, and in about ten other countries. That means cities are using thousands of old sensors that can't be upgraded with security software and would have to be removed from streets and replaced with newer sensors.
The issue is far more serious than just traffic sensors… not that potentially producing traffic jams, stopping emergency vehicles, or even causing fatalities aren't serious. Billions of sensors are used around the world. Many aren't connected to the Internet, as are the Sensys devices, but billions are. Cities are increasingly testing and implementing sensors in all sorts of ways.
If Sensys is correct about its customers not wanting security software, cities could and likely will face enormous difficulties in the future. Governments had better hire IT directors and other security experts who understand the ramifications of none or insufficient security across all the links in city infrastructures and services.
Lazy..? I have to agree it was sheer laziness, or possibly a lack of requirements that resulted in such a gaping hole. If there is one thing the IoT must provide, that is security of data. It is not for the vendor to decide what the value of the data is or is not. That is not their business and the excuses made were obviously confused and, mindless.
Someone was lazy Sounds like someone was lazy to me and didnt implement an easy security protocol for these traffic sensors. Like my home wifi network, just click on the checkbox that says WEP...LOL! Thats very basic security, but I would rather have that than nothing at all.
I wonder how many of our traffic sensors are not secured?
Re: Horrendous traffic snarls Yet if they can't be upgraded for encryption OTA, how might they be hacked? The same thing that renders them a danger also renders them not vulnerable to being controlled remotely for nefarious purposes. Color me confused, Alan.
Re: Easy solution Kim, it seems to me that the security must exist at all levels or it won't work.
However, I don't think it really takes much to implement a secure protocol all the way out to the sensor level. A ggogle search turned up a number of variations on this that are already in development and/or use.
Re: Horrendous traffic snarls I've been discussing how to rank challenges to the IoT (elsewhere), and while I'm interested in bandwidth, interoperability, and the cost of energy, everyone tells me security is the biggest deal.
Re: Horrendous traffic snarls The way to enforce vendor responsibility is with legal sanctions--yes, I mean fines. But here in the States, at least, lobbies resist anything like that by claiming it puts a burden on business (and therefore increases unemployment). That's why we can't even get stringent security standards for the national infrastructure.
Europe wields a heavier stick on this kind of thing.
Re: Horrendous traffic snarls I can't lay my hands on the link, but this reminds me of a story I wrote a year or so ago about a white hat hacker grabbing unencrypted phone traffic with some fairly simple gear.
Re: Horrendous traffic snarls The IoT does have a potential dark side, as well as a "Not-quite-sure-how-it's-going-to-work" side, and I hope we give them both space here, for example in the recent blog asking some questions about Cisco's IoE.
Smart City Money Makers companies and solutions that are most prominent, and destined to be most profitable, in the smart city revolution.
How to Make Your City Smarter Cities all over the world need to become smarter and more sustainable. But where to start? Download this guide to learn the first, proven steps toward making your city smarter.
Site Moderators Future Cities is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations; earn kudos and perks. Interested? E-mail: firstname.lastname@example.org
Designed to provide the people with access to green building products all year round