
'Modern cities' may be smarter, but they're not much safer

21 Sep 2016

'Modern cities' may be made up of thousands of different components that keep people safe and make life convenient, but they also come with huge vulnerabilities, new research from Kaspersky Lab has found.

Digital kiosks, interactive terminals and even speed cameras are vulnerable to attacks, putting people at risk - and the researchers have proven it through a number of experiments.

The researchers found that many kiosks used to pay for services and entertainment are full of bugs and vulnerabilities that could be used to expose private information. Speed cameras aren't immune either: the researchers found that hackers can access the cameras and manipulate their data.

“Some public terminals we’ve investigated were processing very important information, such as user’s personal data, including credit card numbers and verified contacts (for instance, mobile phone numbers),” said Denis Makrushin, security expert, Kaspersky Lab.

"Many of these terminals are connected with each other and with other networks. For an attacker they may be a very good surface for very different types of attacks – from simple hooliganism, to sophisticated intrusion into the network of the terminal owner," Makrushin continues.

The number of devices used in modern cities doesn't end there: movie theater ticket terminals, bike rental terminals, government organisation self-service kiosks, and airport kiosks all run on Windows- or Android-based devices, offering hackers easy access to terminals.

Hackers can then load or block access to functions, launch virtual keyboards and web browsers, offering full control of a public kiosk and giving direct access to hidden operating system features.

The company cites one example in which a terminal at an e-government kiosk contained a 'print' command. Attackers could intercept the print window and gain access to the help dialogue. This could allow access to the control panel and eventually compromise the entire system, opening it to malware, exposure of printed document information and more.

"We believe that in the future public digital kiosks will become more integrated in other city smart infrastructure, as they are a convenient way to interact with multiple services. Before this happens, vendors need to make sure that it is impossible to compromise terminals through the weaknesses we’ve discovered," Makrushin says.

Kaspersky researchers also demonstrated how speed cameras can be exploited using the Shodan search engine. The cameras' IP addresses can be accessible from the web, and some aren't even password protected, allowing full control to almost anyone with internet access.

“In some cities, speed control camera systems track certain lines on the highway - a feature which could be easily turned off. So if an attacker needs to shut down the system at a certain location for a period of time, they would be able to do that," says Vladimir Dashchenko, security expert, Kaspersky Lab.

"Considering that these cameras can be, and sometimes are, used for security and law enforcement purposes, it is really easy to imagine how these vulnerabilities can assist in crimes like car theft and others. It is therefore really important to keep such networks protected at least from direct web access,” Daschenko concludes.
