back to article Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure

Roadside sensors and the data gathered from them can be easily hacked, according to field tests by researchers from Kaspersky Lab on the streets of Moscow. Transport infrastructure in modern cities typically includes an array of traffic and road sensors, cameras, and even smart traffic light systems. Data from these devices is …

  1. Anonymous Coward
    Anonymous Coward

    Big data is junk

    Companies have started to admit what we already knew, that "big data" is overwhelmingly junk.

    That's the deathknell of "big data" as the buzzword du jour, and really the whole concept of smart anything. Fill your city with sensors, and you'll collect mostly noise which will allow you to do precisely nothing.

    And even if any of it was useful, the solutions would have to be built in at the planning stage of a NEW city, which is so rarely the case except in still developing nations.

    1. This post has been deleted by its author

    2. a_yank_lurker Silver badge

      Re: Big data is junk

      Most data is garbage. The problem is the data collection was often not thought out nor properly managed.

  2. Marketing Hack Silver badge
    Unhappy

    Now all we need is a safe full of gold!!

    And its time for another "Italian Job"!

    Sadly, I am a pretty big guy and Mini Coopers are a mite small, so no gold for me.

    1. moiety

      Re: Now all we need is a safe full of gold!!

      Dump trucks, like in Die Hard. More room for gold, you, and a case of champagne; and good luck stopping it with a Fiat police car.

    2. Chris G Silver badge

      Re: Now all we need is a safe full of gold!!

      Here's a chance to vicariously enjoy Mini Coopers, real ones not the ersatz Beemer variety.

      https://www.youtube.com/watch?v=kuKYtRuDiuw

    3. Herby

      Re: Now all we need is a safe full of gold!!

      Now the question: Are you the "Napster?"

      I still like the HiFi that was demonstrated at the end of the movie.

    4. Adam 1

      Re: Now all we need is a safe full of gold!!

      > Mini Coopers are a mite small

      But the new ones are bigger than a some of the 1980s Corolla models. Sad when you think about it.

      1. PNGuinn
        Thumb Up

        Re: Now all we need is a safe full of gold!!

        REAL minis were surprisingly huge inside, unlike that cheap and nasty new thing.

        And built like the proverbial tank.

    5. Steve Graham

      Re: Now all we need is a safe full of gold!!

      The new MINI™ is the size of a small truck.

  3. redpawn Silver badge

    Who'd a thunk it?

    Infrastructure needing security? The good citizens of our city are too good or dumb to mess with something as dull as traffic.

  4. Bob Dole (tm)
    Thumb Up

    Good find

    Is Kaspersky the only company out there actually doing real security work?

    It seems like everyone else is pretty silent. Kaspersky on the other hand seems to be on the cutting edge of figuring out what's wrong.

    1. Mark 85 Silver badge

      Re: Good find

      These stories have popped up from time to time, as I recall. It's just like IoT, much lip service but nothing changes. But with Kaspersky jumping in, maybe someone will listen and actually do something about it.

    2. Marketing Hack Silver badge
      Holmes

      Re: Good find

      @ Bob Dole (tm)

      Maybe IT Security has a lot in common with pharmaceuticals. Namely, it's a lot more lucrative to develop something to treat a chronic condition than it is to develop an actual cure in advance of the onset of symptoms. :)

      1. Bob Dole (tm)

        Re: Good find

        @Marketing Hack:

        That certainly appears to be the approach most of the companies involved in that sector take.

  5. AdamWill

    er...passwords *are* authentication, aren't they?

    "No authentication was required to communicate with the Bluetooth-enabled device. "Anyone with a Bluetooth-enabled device and software for discovering passwords via multiple variants (brute force) could connect to a road sensor in this way," the Kaspersky team discovered."

    So, er, no authentication was required except a password, which is authentication, then?

    1. Anonymous Coward
      Anonymous Coward

      Re: er...passwords *are* authentication, aren't they?

      "No authentication of the road sensor to the client device."

      There, that better? So you could pretend to be the traffic sensor and the client device would be none the wiser.

      It's also not encrypted, so the password is broadcast over the air anyway. So the "authentication" here, in addition to being one-way, is also useless and might as well not exist.

  6. Anonymous Coward
    Anonymous Coward

    That's soooo easy to fix..

    Just drop the word "Smart" from such efforts, which will lower expectations. Nobody is going to be surprised if a dumb transport system is hacked, that more or less implied in the name.

    Anything else I can fix from the pub? :)

    1. John Brown (no body) Silver badge

      Re: That's soooo easy to fix..

      "Just drop the word "Smart" from such efforts,"

      Especially since to most of the population outside of the US, smart doesn't mean what they think it means.

  7. Kev99

    WHY do these idiots still insist on putting high security data on the web? Any one who has a functioning brain knows a web is just a bunch of holes held together with string. Personally, they deserve to get screwed for putting their laziness and back pockets before their citizens.

    1. Adam JC

      Hi Kev, this appears to be a bluetooth exploit, not a web-facing one. However no doubt it interfaces with a WAN connection *somewhere*. Only a matter of time...!

    2. Anonymous Coward
      Anonymous Coward

      I can't speak for the city or agency involved here, but some it depends on the definition of "high security". We usually split security into confidentiality, integrity and so on: for some data, integrity and immutability matter far far more than confidentiality? For example, sensor data that have to be published later at some point anyway - it's far more important to make sure it can't be altered or data injected than to keep it top secret: a case-by-case analysis has to be undertaken, however, and it has to get possible to change.

      For high integrity but "to be publishedl" grade info, i would say stuff should go to wherever shows the best cost/benefit IFF the integrity requirements can be met. As our internal storage typically costs 20 times AWS S3, for example, you can guess what that means for bulk / archives. Again, IFF the integrity requirement can be met.

      For "high security data", it's not on the main network anyway. Entire systems run on private networks - but then you get a different problem: what do you with terabytes of archives when PHBs won't allow any capital spending on IT equipment for things that aren't safety critical or aren't public-facing? Archive offline & lose the ability to do trending / long-term work other than on samples? Say "but we need to spend it to meet your other requirements" and be told "ok but your overall budget is going down this year and next, so you have to find savings elsewhere to cover it, with no loss in functionality"?

  8. MrAslan

    What if a two step bio security is used? Fingerprint and eye scan?

    1. Anonymous Coward
      Anonymous Coward

      For a sensor that's embedded in the middle of the road?

      Even stuff that's on the footpath, this is going to be impractical.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019