Moscow's Smart City Security Flaws Could Create Traffic Chaos

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
Security researchers have warned that basic security flaws in smart traffic monitoring systems could allow black hats to change, falsify or even delete crucial data, potentially creating widespread disruption in the city.

Kaspersky Lab security researcher, Denis Legezo, highlighted a recent test of Moscow’s smart transportation system – a network of road sensors which gather traffic info to help officials alter traffic flow in real time and make future infrastructure planning decisions.

He revealed several basic security issues which made the system highly vulnerable to hackers.

The first was that the name of the manufacturer was printed clearly on the side of the sensor box.

Following up online, the Kaspersky Lab team was then able to find technical documentation on the vendor’s site – including crucial information on the firmware it uses, how it communicates with third party devices, and so on.

Its job was also made easier by virtue of the fact that each sensor device was accessible via Bluetooth, allowing a hacker to brute force it with ease.

The researchers were able to access the device firmware memory, and “change the way that passing vehicles are classified according to their length, or change the number of lanes,” Legezo explained in a blog post.

“To sum up, a car driving slowly around the city, a laptop with a powerful Bluetooth transmitter and scanner software is capable of recording the locations of traffic sensors, collecting traffic information from them and, if desired, changing their configurations,” he added.

“I wouldn’t say that traffic stats are a major secret, but tampering with sensor configurations could affect their validity. And that data could be used as a basis for controlling ‘smart’ traffic lights and other traffic equipment.”

That data could be hacked and compromised in a sabotage attempt, or even sold to third parties. Either way, it could spell trouble for the city authorities which rely on the accuracy of such data to make crucial traffic planning decisions.

To mitigate the risk of such an attack in the future, the city authorities need to hide the vendor’s name from view on the side of each sensor; change default names on devices and disguise their MAC addresses; use 2FA for Bluetooth authentication; and work with white hats to find and patch bugs, Legezo recommended.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Definitely a problem, if some enthusiast person can manage to hack and manipulate likeroad signs then how about from bigger aspects? So from the beginning, a strong implementation must occur and if no one attack the system then does not necessarily mean safe already.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top