Smart City Systems Vulnerable to a Multitude of Zero-Day Vulnerabilities

The Smart city concept has gained significant attention from the world community owing to its convenience for human lives. However, smart city systems that are meant to serve humanity, can become real monsters too. Wondering how?. Well, researchers from IBM X-Force and Threatcare have discovered various critical vulnerabilities in smart city products. They shared their findings at the BlackHat USA 2018.

Critical Vulnerabilities Discovered In Smart City Systems

Researchers from Threatcare and IBM X-Force presented their findings of how smart cities of future are vulnerable. Together, both the firms tested several smart city products and found 17 zero-day vulnerabilities in four different smart city systems. Out of these 17 flaws, 8 received critical severity labels, while the rest attained high severity levels.

The researchers explained that most vulnerabilities they found were common. And, that they should ideally not exist in such a futuristic concept. They explained it briefly in their blog that reads,

“While we were prepared to dig deep to find vulnerabilities, our initial testing yielded some of the most common security issues, such as default passwords, authentication bypass, and SQL injections, making us realize that smart cities are already exposed to old-school threats that should not be part of any smart environment.”

In early 2018, the researchers tested four smart city systems from three vendors, Libelium, Battelle, and Echelon. These systems include Meshlium – wireless sensor networks by Libellium, Echelon’s i.LON 100/i.LON SmartServer and i.LON 600, and two vehicle-to-infrastructure hubs from Batelle – V2I Hub v2.5.1 and V2I Hub v3.0.

Threats Associated With The Vulnerabilities

The test products included devices from three categories, intelligent transportation systems, industrial Internet of Things (IoT), and disaster management. These devices typically work over various communication protocols, including WiFi, 4G, and ZigBee.

According to researchers, the vulnerabilities in these systems, if exploited, could result into anything ranging between “inconvenient and catastrophic”. For instance, false flood warnings, radiation alarms, and panic through fake or false emergency alarms, gunshot reports, and traffic reports are just some of the possible impacts from these flaws. Though the vulnerabilities remain unexploited (so far), they indeed hint towards massive futures disruption if not addressed now.

The researchers went on to highlight the following:

“The effects of vulnerable smart city devices are no laughing matter, and security around these sensors and controls must be a lot more stringent to prevent scenarios like the few we described.”

After finding these vulnerabilities in smart city systems, the researchers informed the corresponding vendors who then patched the flaws. Moreover, the researchers also express their willingness to continue with their research and awareness program in this regard.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients