Danger Lurks in an Unsecured Smart City

CES panelists painted a scary picture of what could happened if IoT devices aren't secured.
Donna Fuscaldo

Much of the world is banking on smart cities as the answer to the overpopulation projected in the years to come. 

But that connectivity brings a lot of risk to the people living, driving and working in the connected cities of tomorrow. 

“We don’t want to waste time. We love those gadgetries that make our lives easier and more efficient,” said Ami Dotan, CEO & Co-founder of Karamba Security, during a CES panel looking at the security concerns in Smart Cities. “But connectivity comes at a huge risk.” 


Danger lurks without secure devices

So what are the dangers as more Internet of Things or IoT devices are connected to each other?

According to Dotan, harmful and disruptive ones if security isn’t taking more seriously. 

Take high-rise buildings as one example. Karamba was able to hack into one building using a common IoT protocol and access the emergency generator connected to an IoT device.

Once the security firm had control they could do a host of things like turn on and change the settings for the heat throughout the building or target a specific floor. That was using just one line of code. Imagine if there were more IoT connected devices in the building.  Think further out to smart cities where thousands of devices are connected and the danger is pretty evident. 

Dotan also pointed to a Russian Nuclear Research Center as another example of the IoT vulnerabilities that exist today and into the future. The security firm was able to get into the research center using a readily available tool that exposed the IP address. Somebody within the center left the username and password on a web page and that's all Karamba needed.

In another incident, Karamba scanned more than 9,000 gas stations and once in could remotely send commands to do everything from raising the tank overfill limit to shutting off the valves. 

Security has to be taken seriously 

Those scary hacker scenarios can also be extended to electric vehicles, said Dotan. He painted a scenario in which malicious code is embedded in the charging stations. Every time the vehicle gets charged its infected.

Hackers, in the beginning, could steal credit card information and credentials but in the future, it could be used to control the speed or direction of the vehicle. 

These security risks can easily be overcome granted security becomes part of the solution from the beginning.

“A lot of the executives own assets and they don’t even know how easy it is to hack those assets,” said Dotan. “Security has to be part of the architecture, to begin with.”

message circleSHOW COMMENT (1)chevron