Kaspersky Lab has proved that data gathered and processed by these road sensors can be dramatically compromised. This could potentially affect future city authority decisions on the development of road infrastructure.
In an attempt to explore security issues in smart city transport infrastructure and give recommendations on how to address them, a Kaspersky Lab Global Research & Analysis Team (GReAT) expert has conducted field research into the specific type of road sensors that gather information about city traffic flow. As a result, Kaspersky Lab has proved that data gathered and processed by these sensors can be dramatically compromised. This could potentially affect future city authority decisions on the development of road infrastructure.
Transport infrastructure in a modern megalopolis represents a very complicated system, containing different sorts of traffic and road sensors, cameras, and even smart traffic light systems. All the information gathered by these devices is delivered and analysed in real-time by the special city authorities. Decisions about future road constructions and transport infrastructure planning can be made based on this information. If the data is compromised it can cause millions in losses to the city.
In particular, if fraudulent access to the transport infrastructure is gained, the following may occur:
· The data gathered by road sensors may be compromised in an attempt to sabotage it or resell it to third parties;
· Modification, falsification and even deletion of critical data;
· Demolition of the expensive equipment;
· Sabotage the work of the city authority’s services.
Recent research by a Kaspersky Lab expert in Moscow was conducted on a network of road sensors that gather traffic flow information – in particular the quantity of vehicles on the road, their type and average speed. This information is transferred to the city authority’s command center. City traffic authorities receive the information and use it to support and update a real-time road traffic map. The map, in turn, could then serve as a source of data for city road system construction or even for automating traffic light system controls.
The first security issue, discovered by the researcher, was the name of the vendor clearly printed on the sensor’s box. This crucial information helped the Kaspersky Lab expert to find more information online about how the device operates, what software it uses etc. The researcher discovered that the software used to interact with the sensor, as well as technical documentation, were all available on the vendor’s website. In fact, the technical documentation explained very clearly what commands could be sent to the device by a third party.
Just walking near the device, the researcher was able to access it via Bluetooth as no reliable authentication process was implemented. Anyone with a Bluetooth-enabled device and software for discovering passwords via multiple variants (brute force) could connect to a road sensor in this way. But what to do next?
Using the software and technical documentation, the researcher was able to observe all data gathered by the device. He was able to modify the way the device gathers new data: for example changing the type of vehicle recorded from a car to a truck, or changing the average traffic speed. As a result all newly gathered data was false and not applicable to the needs of the city.
“Without the data gathered by these sensors, actual traffic analysis and subsequent city transport system adjustments would not be possible. These sensors can be used in the future to create a smart traffic light system and also to decide what kind of roads should be built, and how traffic should be organised, or reorganised, in what areas of the city. All these issues mean that the work of sensors and the quality of data gathered by them should be accurate and stable. Our research has shown that it is easy to compromise the data. It is essential to address these threats now, because in the future this could affect a bigger part of the city’s infrastructure”, said Denis Legezo, Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky Lab.
Kaspersky Lab recommends several measures to help prevent a successful cyberattack against transport infrastructure devices. These include:
· Remove or hide the vendor’s name on the device, as this could help an attacker to find tools online for hacking the device;
· Change the default names of the device and disguise the vendor’s MAC addresses if possible;
· Use two steps of authentication on devices with Bluetooth connectivity and protect them with strong passwords;
· Cooperate with security researchers to find and patch vulnerabilities.
CES: So long, and thanks for all the beer!
Last week, the Las Vegas expo showed off its fun side with state-of-the-art technologies for enjoying beer, writes BRYAN TURNER
From craft beer-making machines to robots that pour beer, CES had more beer than usual in Las Vegas last week. And even free beer if you found the right stand. Stampede’s saloon-style booth offered beer to visitors who tried out its latest drones, virtual reality, and other gaming products. No beer tech, though.
Here are some of the beer technologies that stood out:
LG HomeBrew – Craft beer made at home
LG’s HomeBrew craft beer-making machine, debuted at CES 2019, brings the brewing process home thanks to single-use capsules, a self-cleaning feature, and an algorithm optimised for fermentation.
Like a Nespresso coffee machine, the beer maker uses capsules, which contain malt, yeast, hop oil and flavouring. At the press of a button, LG HomeBrew automates the whole procedure from fermentation and carbonation to ageing. A companion app lets users check HomeBrew’s status at any time during the process, from their handsets.
The beer machine not only offers a simple way to make craft
Designed with discerning beer lovers in mind, HomeBrew allows for in-home production of batches of more than 4 litres of beer in a variety of styles. The following five distinctive, flavoured beers are available now:
- Hoppy American IPA
- Golden American Pale Ale
- Full-bodied English Stout
- Zesty Belgian-style Witbier
- Dry Czech Pilsner
The only catch? It takes about two weeks to make, depending on the beer type.
“LG HomeBrew is the culmination of years of home appliance and water purification technologies that we’ve developed over the decades,” said Dan Song, president of LG Electronics Home Appliance & Air Solutions Company. “Homebrewing has grown at an explosive pace, but there are still many beer lovers who haven’t taken the jump because of the barriers to entry, like complexity, and these are the consumers we think will be attracted to LG HomeBrew.”
Click here to read about the party speaker that holds beer and robots that pour beer.
CES: Alienware gets Legend-ary
At CES in Las Vegas last week, Dell’s Alienware released a family of high-end, thin, light, and affordable machines for both amateur and professional gamers – and a new identity.
Alienware marked CES 2019 as a brand milestone with the debut of a new design identity, Alienware Legend. It aims to set a new bar of excellence for what gamers want most – performance and function. Alienware says it evaluated multiple concepts and chose one that was the biggest and boldest departure from its current look.
Alienware Legend, says the company, stays true to the brand’s core design tenets, taking cues from its deep roots in sci-fi culture and its early industrial designs, to distinguish the brand from the rest of the industry. The new Legend design is optimised with cutting-edge thermal cooling technology to achieve and sustain overclocking power, improved AlienFX lighting, and ultra-thin screen borders. It also unveiled a new “three-knuckle hinge” design that reduces the overall dimension while creating a stronger assembly, all combining to yield a better gaming experience.
“We’re excited to come to this year’s CES with some truly groundbreaking products, next-gen software and strategic partnerships that will bring more people to experience PC gaming and advance the industry,” said Frank Azor, vice president and general manager of Alienware. “The legend design answers the call for more and better from our gaming community, and the new G Series laptops will make PC gaming even more accessible to those looking for high-performance gaming at a cost they can appreciate.”
Click here to read about Alienware Legend in action with the Area-51m and m-series laptops