Kaspersky Lab has proved that data gathered and processed by these road sensors can be dramatically compromised. This could potentially affect future city authority decisions on the development of road infrastructure.
In an attempt to explore security issues in smart city transport infrastructure and give recommendations on how to address them, a Kaspersky Lab Global Research & Analysis Team (GReAT) expert has conducted field research into the specific type of road sensors that gather information about city traffic flow. As a result, Kaspersky Lab has proved that data gathered and processed by these sensors can be dramatically compromised. This could potentially affect future city authority decisions on the development of road infrastructure.
Transport infrastructure in a modern megalopolis represents a very complicated system, containing different sorts of traffic and road sensors, cameras, and even smart traffic light systems. All the information gathered by these devices is delivered and analysed in real-time by the special city authorities. Decisions about future road constructions and transport infrastructure planning can be made based on this information. If the data is compromised it can cause millions in losses to the city.
In particular, if fraudulent access to the transport infrastructure is gained, the following may occur:
· The data gathered by road sensors may be compromised in an attempt to sabotage it or resell it to third parties;
· Modification, falsification and even deletion of critical data;
· Demolition of the expensive equipment;
· Sabotage the work of the city authority’s services.
Recent research by a Kaspersky Lab expert in Moscow was conducted on a network of road sensors that gather traffic flow information – in particular the quantity of vehicles on the road, their type and average speed. This information is transferred to the city authority’s command center. City traffic authorities receive the information and use it to support and update a real-time road traffic map. The map, in turn, could then serve as a source of data for city road system construction or even for automating traffic light system controls.
The first security issue, discovered by the researcher, was the name of the vendor clearly printed on the sensor’s box. This crucial information helped the Kaspersky Lab expert to find more information online about how the device operates, what software it uses etc. The researcher discovered that the software used to interact with the sensor, as well as technical documentation, were all available on the vendor’s website. In fact, the technical documentation explained very clearly what commands could be sent to the device by a third party.
Just walking near the device, the researcher was able to access it via Bluetooth as no reliable authentication process was implemented. Anyone with a Bluetooth-enabled device and software for discovering passwords via multiple variants (brute force) could connect to a road sensor in this way. But what to do next?
Using the software and technical documentation, the researcher was able to observe all data gathered by the device. He was able to modify the way the device gathers new data: for example changing the type of vehicle recorded from a car to a truck, or changing the average traffic speed. As a result all newly gathered data was false and not applicable to the needs of the city.
“Without the data gathered by these sensors, actual traffic analysis and subsequent city transport system adjustments would not be possible. These sensors can be used in the future to create a smart traffic light system and also to decide what kind of roads should be built, and how traffic should be organised, or reorganised, in what areas of the city. All these issues mean that the work of sensors and the quality of data gathered by them should be accurate and stable. Our research has shown that it is easy to compromise the data. It is essential to address these threats now, because in the future this could affect a bigger part of the city’s infrastructure”, said Denis Legezo, Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky Lab.
Kaspersky Lab recommends several measures to help prevent a successful cyberattack against transport infrastructure devices. These include:
· Remove or hide the vendor’s name on the device, as this could help an attacker to find tools online for hacking the device;
· Change the default names of the device and disguise the vendor’s MAC addresses if possible;
· Use two steps of authentication on devices with Bluetooth connectivity and protect them with strong passwords;
· Cooperate with security researchers to find and patch vulnerabilities.
How to predict the future
Forecasting the future is about people, not technology, ARTHUR GOLDSTUCK discovers on a visit to the HP Innovation Lab in Barcelona
When HP chief technology officer Shane Wall talks about the world three decades from now, the trends to steers clear of technology. That’s startling, given that he is also global head of HP Labs, the advanced research group within the world’s leading PC and printer manufacturer.
The Labs play host to numerous futuristic technologies, from 3D printing to virtual reality, so one would expect its vision of the future to be all about the gadget. Instead, it’s all about the people who will use the gadgets of the future.
“When we think long term, we try to look 15-20, even 30 years into the future,” he said during the HP Innovation Summit at the HP Innovation Lab outside Barcelona, Spain, last week. “The way we do it is that we don’t start with technology. In HP Labs we invent all manner of incredible things in basic areas like biology, physics, and 3D printing. Those give us an idea, but we’re careful not to extrapolate those into the future, because by extrapolating you miss disruption.
“Instead, we look at people. We’ve done this for a number of years, looking every year at what’s accelerating, what’s gone slower, what’s new. We call these megatrends, that look at humanity rather than technology.
“In 2019 we stood back and took a different look at humanity. Everyone does market segmentation, analysing who the customer is and how they buy things. Instead, we looked at economic segmentation, we looked at where the money is moving in the next 30 years. We conducted numerous interviews with economists.”
The key megatrends identified by HP for the next three decades revolve around rapid urbanisation, changing demographics, hyper-globalisation, and accelerated innovation.
“We’re changing where we live,” said Wall. “People are moving out of rural areas and densifying cities. Cities themselves are getting bigger. In 1991, there were 10 megacities – defined as urban areas with 10-million people or more. By 2013, there were 41, by 2030, there will be over 60. Those cities are changing the very nature of everything we do, from the nature of work to the manner of how we do product development.”
The challenge of how to get goods into cities and waste out of them, he said, will result in a much greater focus on sustainability and energy management.
“That is going to change our go-to-market approach. Currently, we focus on countries as markets. Now we are seeing how important cities are becoming. In Nigeria, you may care about all of humanity, but for sales, you care about Lagos. In China, by 2035 any tier 3 city’s gross domestic product will pass that of the entire country of Sweden.”
The very nature of the population is changing, said Wall. The impact of the post-Word War 2 population boom, resulting in the American concept of “baby boomers”, has now evolved into the “silver spenders”, who are living longer thanks to healthcare advances. They expect technology to address solutions to their toughest problems.
“On the other end of the spectrum, we are seeing a whole new generation, Gen Z, a generation like we’ve never seen, very focused on experiences and values, less focused on purchasing. They are also driving a change in our behaviour as businesses in terms of go-to-market. Understanding them deeply shapes the very nature of the enterprise.”
Wall points out that, because we live in a world that is hyper-connected, we expect things to move at speed of light, while at the same time we expect it to be local. This has given rise to the concept of “glocalisation”.
“It is the expectation that things be both global and local, thanks to connectivity and mobile phones. Startups in emerging markets growing at 20% a year. It will be not only ideas that will move at this speed, but in the near future physical goods will also move at that speed.”
Finally, technology must, by its very nature, play a key role.
“Tech itself is moving faster; it’s not just a perception. It started with Moore’s Law and the doubling of capacity on a transistor every two years. That happened at a systems level, and eventually, it brought artificial intelligence and machine learning into being. The algorithms were invented 10-20-30 years ago, but because of scale we have seen that only now are they becoming usable.”
What does this mean for consumers and businesses? On the one hand, it represents massive opportunity. On the other, even greater challenges.
“Over the next 30 years we will see incredible economic expansion, where the number of haves with the ability to spend on products we sell is going to grow at an incredible rate. The number of have-nots will shrink. But in order to meet that economic growth, we will see a 16% shortage in skilled labour, which means we must drive higher levels of automation to reach that growth.”
A big question is: What can prevent it from happening? The answer is highly relevant to South Africa.
“The challenges lie in basic infrastructure, like roads, buildings, and airports, but one thing at the root of it all is energy. When we look into the future, energy will become the critical piece: how well, how fast, we can build it out to meet those needs. In many economies, it is not being built out in a sustainable way. We need to change the equation.”
One of the solutions lies in 3D printing.
“Products can be designed digitally anywhere, and you can transmit the design on a digital supply chain, perhaps using blockchain and security tech, to cities where they are printed or manufactured on demand using 3D printers. That’s digital manufacturing and it’s already happening in some places today.
“Imagine you go to Amazon, you find a product, you edit it, personalise it, make it yours, and at the push of a button it is printed at a local manufacturing facility and shows up at your door two days later. It’s estimated that we can save 25% of our energy using digital instead of traditional manufacturing. Manufacturing itself takes one-third of energy use the in the world, so it will have a big impact on the world of the future.”
Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
Google launches open-source cloud for enterprises
Vendor lock-in is a thing of the past for Google Cloud users, writes BRYAN TURNER.
A new way for enterprises to use cloud, that prevents lock-in, has been unveiled by Google at its Cloud Next event in San Francisco.
“Cloud Next is held in San Francisco, London, and Tokyo to cater for the various markets,” said Mich Atagana, head of communications for Google Africa. “The event aims to bring together cloud developers to showcase the latest cloud. You can think of it as the Google IO event for executives.”
At a round table, a team of Googlers broke it down for those of us who aren’t cloud developers.
“There’s a lot of technicality in this event, and a lot of the magic could be lost on those who aren’t developers,” said Atagana. “That’s why we’ve assembled our Cloud team to demystify the technicality.”
Shai Morgan, head of Google Cloud Sub Saharan Africa, said: “Cloud Next started four years ago. The first one hosted 3600 attendees, while this year we hosted about 30,000. This shows the way Google moves across the industry and how we address businesses. We’ve seen large growth in our partner ecosystem. It used to be very niche players, and now it’s big players like Accenture and Deloitte using Google Cloud.”
Daniel Acton, regional tech lead for Cloud at Google, said: “We had a new CEO come in [for Google Cloud] and he said it’s all fair and well to talk about the benefits of the cloud, but it’s not always attainable for business.”
This is where Google comes in. It launched new products to assist businesses in customising the cloud, the transition to cloud platforms, and how much must remain on-premise.
First up is Anthos, a management system for hybrid environments.
Acton said: “Anthos addresses the journey to the cloud. Businesses know that this journey doesn’t happen at the snap of the fingers. Executives have to make carefully calculated decisions on how to get there. There’s also lots of friction to get to the cloud, with a big factor being cloud vendor lock-in.”
“One way to move a business to the cloud is through a ‘lift and shift’, which is simply moving all the components of the business off-premise and on the cloud. This isn’t always what a business needs. Anthos deals with “infrastructure modernisation”, which is how we go from what we got to what we need. That’s because not everything should be in the cloud.
“We give businesses that option for hybrid infrastructure. Anthos exists to help customers on their journey to the cloud. We realise this is a multi-cloud environment and provide our customers on-premise, a bridge, and computation on the cloud, for example.”
Morgan expanded on this and said: “It’s a bridge to the cloud and a very well managed bridge at that. For an enterprise customer, it’s complicated to move assets, manage skillsets, all while thinking about lock-in to a cloud vendor. Open source in an enterprise environment prevents lock-in. We work very closely with existing vendors, walking with them in their cloud journey but they can leave at any time.
“Anthos can run on Amazon Web Services (AWS) and Microsoft Azure. That’s the beauty of Open Source, no lock-in. Containerising is a method that’s popular in the cloud developer environment but moving these containers across these environments is not trivial currently. Anthos allows this to happen.”
This brings the second major feature: serverless computing.
Containers and serverless computing go hand-in-hand. Acton explained that containers are like pre-setup computers, where a developer doesn’t have to spend time setting up a virtual environment and can focus on writing code, which ultimately delivers business value. He compared the proliferation of containers to Java, with the “write once, run anyway” phrase.
Serverless computing is split into many levels. At a low level, the Google App Engine allows developers to write code, and it takes care of hosting and handling the load. This is similar to the AWS Lambda service.
The enterprise nature of Google Cloud is not exclusive to large enterprises.
“We address very small businesses as we treat our consumers,” said Morgan “They most likely use Gmail, Drive, Docs, and Calendar because those products are free and very easy to handle. Setting up an enterprise cloud environment is quite complicated.
“If one invests enough time and energy, one can start a business that adds value and has its computing backed by Google Cloud.”