How Hackers Could Hold Your Town Hostage

Senior editor, security and privacy

SAN FRANCISCO -- A whole city without light or power, gas mains exploding in the street, cars crashing into each other, all because of hackers. It sounds like a Die Hard movie, but with local governments using insecure networks to manage everything from the utilities to the garbage collection, this disaster could be coming to your town soon.

On May 1, 2012, the normally quiet streets of Auburn, California, population 13,000, were filled with frustrated motorists caught in a traffic jam that spilled back onto Interstate 80. The reason? A computer glitch had summoned 1,200 citizens to report to the historic Placer County courthouse for jury duty -- all at the same time.

The daily lives of hundreds of people in Placer County were disrupted by a simple technological error. But to researcher Cesar Cerrudo, chief technology officer at Seattle security firm IOActive, such incidents show how dependent American cities are on technology -- and how vulnerable they are to hackers who could disrupt the lives of millions.

"What happens when the power goes out?" Cerrudo asked rhetorically during a presentation at the RSA security conference here earlier this week. "When it first goes out, you figure it'll come back soon. But after an hour, you begin to get worried."

Electrical blackouts of the past were created by physical incidents: a falling tree, an exploding transformer. But blackouts of the future, Cerrudo said, may be caused by hackers who target "smart city" systems where power grids, street lighting and public transport are managed by computer systems that gather data from thousands of sensors scattered around a large area -- and many of those systems are woefully unsecured.

Last year, Cerrudo and researchers at the University of Michigan independently discovered vulnerabilities in traffic sensors that many North American cities use to manage traffic lights. Cerrudo was able to cheaply create fake sensors that communicated erroneous data to the system controller.

A hacker -- or an enemy nation -- could use hundreds of such sensors to create traffic jams, much as the bank robbers in the 1969 movie "The Italian Job" hack a central traffic-light computer to achieve the same result.

Most sensors that detect citywide information transmit data over cellular networks without any authentication, Cerrudo said, making it easy for anyone to inject fake data about flooding, seismic data, parking conditions or even garbage levels in city Dumpsters.

That may not sound like much, Cerrudo said, but bad information leads to bad decisions. What happens when a hacker changes the maps of utility lines that run under city streets, and electrical workers hit a gas main? Or when all the streetlights in a city are convinced that the sun is shining at midnight, turning them all off? Or when the subway system "sees" delayed trains that are actually running on time, causing deadly crashes?

It all could happen, Cerrudo said, because smart-city systems are being installed without any testing for security. The cities purchasing the systems care more about cost, ease of use and installation time than they do about security. Many system vendors know little about security, he said, with the result that many of the systems are filled with flaws.

The solution, Cerrudo said, is for cities to refuse to purchase and implement any "smart city" system without rigorous security testing. Vendors should be asked to provide documentation, he said, and cities that implement similar systems should share information among themselves. Most importantly, Cerrudo said, all systems should incorporate fail-safe mechanisms and manual overrides in case anything goes wrong.

"It's only a matter of time until attacks on city services and infrastructure become common," Cerrudo concluded. "Actions must be taken to make cities more secure and protect them against cyberattacks."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.