Road sensors which collect raw data for intelligent transport systems are hugely important, with key decisions around road improvement, traffic jam management and traffic light patterns based on the information they collect. Radars transmit this data to an operation center for detailed analysis, but can governments truly trust and rely on the data?
(Source: RSA USA 2016-San Francisco)
Smart Megalopolises. How Safe and Reliable Is Your Data?
1. SESSION ID: TECH-T09
RSAC
Denis Legezo
Global Research and Analytics Team, Kaspersky Lab
@Legezo
3. #RSAC
The plan for today
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
4. #RSAC
Why do cities need all this stuff?
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
5. #RSAC
Why do cities have to be smart?
Investments
Staff
Infrastructure
Data centers
Operation center
7. #RSAC
…And for traffic management
Possible to use for the traffic lights
Counting the number of vehicles and changing timings
Counting pedestrians as well
9. #RSAC
The first phase
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
12. #RSAC
What are we gathering?
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
15. #RSAC
What's inside the data?
Vehicle type
Number of vehicles
Median speed
Station occupancy
16. #RSAC
The Holy Grail
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
17. #RSAC
Can we add some functions?
Through interface
Debugger?
Commands?
What is the format?
21. #RSAC
...but it happens anyway
For me, in black-box mode, it looks like a dead end
But does it mean a dead end at all?
Of course not!
22. #RSAC
Even with the stock firmware...
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
23. #RSAC
Reconnaissance first
I started with script + C
Bluetooth tools
adb to get GPS from phone
C code for sending
What to send?
30. #RSAC
What to do next, and what else?
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
31. #RSAC
Side effects
Gather Wi-Fi data and filter it with Postgres views
MACs can be anonymous
WEP is still alive
34. #RSAC
...even speeding penalties
Smart cities' security perimeter is huge
So is the attack surface
Different authorities are in charge of the infrastructure
36. #RSAC
What to apply?
Change appearance and default names
Don't rely only on standard authentication
Cooperate with third-party researchers
Think a little bit like a malefactor or hire someone who can
I know embedded device vendors with generous bug bounty programs. Respect
Cities could also participate
37. #RSAC
Summary
Smart city infrastructure is visible due to ID
Kudos to vendor, firmware is strong
Automation is possible, with changes to any settings
Interesting side effects with wireless protocols
Go further!