How does the idea of a smart city sound to you? The term might conjure up images of “Jetsons”-like flying cars whizzing by. Or maybe you’re envisioning something a bit darker but technologically dazzling a la Minority Report.
Sorry to burst your bubble, but smart cities, as cool as they are, aren’t all that futuristic and there are already lots of them all around the world. Smart cities are all about enhancing efficiency and improving the quality of life through technology on a municipal level. In a smart city, the transportation system, schools, hospitals, utilities (water, electric, communications, waste) and other systems are managed by sensors and actuators that collect and measure real-time data. The data is then analyzed to understand where inefficiencies might lay.
Granted, the idea of a greener (because less unnecessary pollution is emitted by more efficient factories and utilities), less expensive (as individuals and businesses are able to run utilities such as water, gas and electricity more efficiently) city is appealing. But as useful as it is to be able to measure the amount of carbon and nitrogen being emitted by any given city bus with complete accuracy, there are some drawbacks to smart cities, chiefly this:
They can be hacked.
The Expanding Attack Surface
Everyday devices that digitally collect and share data are all card-carrying members of that mysterious sounding IoT club. The Internet of Things refers to the ability to connect physical items like toothbrushes, coffee pots and your Alexa or Nest to the internet. Your IoT toothbrush uses sensors and actuators to collect, record, and send information regarding your brushing patterns to your mobile device and to your dentist (sorry, now he’ll know you’re not telling the truth about your flossing habits).
Take that toothbrush and multiply it by about a trillion, literally, and that’s the number of internet-connected devices there will be by 2020.
There is a lot to be said for how the Internet of Things will improve and enhance life. But all these connected devices expand what security experts call “the attack surface”, or the available number of devices on which hacker can launch attacks. And IoT vendors release products whose software and hardware have little or no security measures in place; many have not been tested for security at all.
So just like your computer can be hacked if you haven’t taken the necessary precautions, your Alexa, sitting there so obediently on your table can be hacked if you haven’t made sure to update her firmware and change her default passwords.
In her hacked state, she may be able to record your conversations and pass that information over to hackers. Or worse, she could be manipulated to become part of a botnet. This past November’s shocking attack to the DNS provider Dyn demonstrated that hacked IoT devices can be used to launch devastating attacks with enough force to take down large chunks of the internet.
Smart Cities = IoT
Smart cities, with their utilities and other critical services managed by IoT devices, create cause for concern. The same way your toothbrush isn’t all that secured against hacks, the sensors that collect municipal data aren’t necessary secure either.
This lack of security can have very real physical consequences.
In 2015, security researchers discovered 200,000 traffic control sensors installed in some of the most major cities across the globe that were fully vulnerable to attack. And last year, security firm Kaspersky discovered vulnerabilities in traffic cameras and road sensors. All they had to do was note the name of the vendor which was visibly displayed on the sensor’s box. Then they found the technical documentation online that provided their research team with certain commands. Once they had this information, with the help of a simple password discovery tool, they were able to see all the information that had been gathered by the sensors.
Security is an Afterthought
So now, the scary truth: When it comes to all of IoT, not just in smart cities, security is an afterthought. and mostly only becomes part of the conversation once an incident has occurred.
But this doesn’t mean that you need to wait until something happens to you. You likely have more than a handful of IoT devices in your home right now and now is as good a time as any to ensure that they are secured.
Here are some simple ways you can ensure that you aren’t being snooped on, or worse yet attacked, by your toothbrush:
- Think before you connect: Now really, do you need an app that’s connected to your toothbrush to tell you how many more seconds to spend on your lower gums? Not everything in our lives has to be digitally enhanced and many things are better off left “dumb”. Think about what you really want to achieve and how important it really is before you expand your personal attack surface.
- Mind your passwords: IoT devices come with default passwords – Change them and make sure each device has its own unique, solid password.
- Create an IoT network: Check if your router allows you to create a guest network. If so, keep your IoT devices running on that one and put everything else on your regular WiFi network.
- Update your firmware: This is essentially the same concept as patching and updating software on your PC or smartphone. Outdated firmware can be breached, the same way outdated software can, so be sure to check for updates on the device manufacturer’s website regularly.
- Turn off Universal Plug and Play (UPnP): This is a setting on your router and on some devices as well that lets networked devices discover each other easily to facilitate sharing and communication. It also makes it easier for attackers to find your devices so it should be disabled wherever possible.
While you can’t control the security of your city, you can control the security of your own devices. And at RCS, we dont plan on waiting for something catastrophic to occur to redirect the conversation to include security. Look for a new feature in the coming weeks that will allow you to manage and route out vulnerabilities in all your network connections, including IoT devices.
In not so long, smart cities and IoT will be the de facto way we live. The sooner people take security in this realm seriously, the better off we will all be.