Thus broke expert Kaspersky transportation system in Moscow

Apr

25

2016

In an effort to explore the security problems in the transport infrastructure and transportation in one of the smart cities and make recommendations on how to address them, research and global analysis team conducted in Kaspersky Lab ‘s field research for a particular type of sensors installed on roads to collect information on the flow of traffic in the city.

As a result, Kaspersky Lab experts proved the fact that it can to a large extent the seizure of the data collected and processed through these sensors, and can affect the seizure of future decisions taken by the city authorities on road infrastructure development started.

Transport infrastructure and communications in the modern mega – cities are considered very complex system which contain different types of special pass, roads, cameras and sensors so smart traffic lights system. The city ‘s special powers to receive and analyze all the information collected by these devices on the spot, where they can make decisions about paving roads and infrastructure planning of transport and communications in the future on the basis of that information. In the case of this information is not taken into account, it can cause the loss of millions for the city.

In the event captured fraudulently on the relevant infrastructure for transportation and transportation information, then it may affect , in particular , on the following:

Grab the data collected by the sensor means in an attempt to tamper or resell to third parties
Edit important data or falsified or even erased
Smashing equipment exorbitant price
Disruption of services provided by the city authorities , which
In detail, a Kaspersky Lab experts conducted research recently in the city of Moscow on a specific network of sensors to roads and collecting information on traffic and transport movement, especially the amount of vehicles on the road, type and average speed, then this information is transferred to the command center which is run by the city authorities. Receive traffic authorities in the city and use the information to support and update immediately to map the traffic on the roads. It can then be used as a source of map data in order to put the city ‘s roads systems or even an automated system to control traffic signals.

The first security problem, discovered by a researcher that the supplier ‘s name was clearly printed on the sensor box. These data Kaspersky Lab expert to get more information through the Internet about how to work the machine, the software that is used , and so on of the important information that helped. Researcher also discovered that the software user to interact with the sensor and technical documents related device, are all available on the vendor Web site, and included technical documentation full explanation of the very list of commands that can be sent to the device through a third party.

Once you get close to the machine, enabling the researcher to deal with it via Bluetooth , where there were not any process of scrutiny can be relied upon, any person who has a Bluetooth – enabled software to uncover passwords by trying a number of variables (as an attack of Brute Force) can connect to a sensor installed on the road. But what does the researcher then?

Using the software and technical documents its own, the researcher was able to see all the data collected by the device, and enables modification of the machine the way in the new data collection: for example , the researcher to change vehicles kind of car to truck or change the average speed of traffic. As a result, all the new data that has been collected recently provided false and inapplicable information to meet the needs of the city.

Said Dennis Adzo, security researcher at the global research and analysis team at Kaspersky Lab: “Without the data collected by these sensors, it can not perform the analysis of actual traffic and modify the transport and communications system in the city based on those data. You can use these sensors in the future to develop a smart traffic signals system and also select the types of roads that must be built in line with different areas of the city, and finding ways to organize traffic or reorganized. All of these things mean that the work of the sensors and the quality of the data collected through which should be accurate and correct. Our research has shown that it is extremely easy to grab this data, it is essential to address these threats because they can affect in the future the largest part of the infrastructure of the cities. ”

Kaspersky Lab recommends that many common procedures that can help to cope with any successful cyberattack against the transport infrastructure and communications devices such as:
Remove or hide the resource name of the sensor, where the attacker can take advantage of this name in creating web – based tools to control the device.
For the same purpose, It would be safe to do more to change the default names of the device and disguising the MAC addresses of the supplier , if possible, so as not exploited by the attacker.
Application procedures for auditing and definition consists of two phases on devices that include Bluetooth connectivity feature And to protect those procedures using strong passwords.
Cooperation with security researchers to find security gaps and address them.
To learn more about security in the transport sector, please read the code available to the website Securelist.com

The research was conducted within the framework of support for Kaspersky Lab Initiative “Protect your smart cities.” Please visit the website of the initiative ” Protect your smart cities ” for more information about current and future smart cities and ways to solve the problems of cyber security.

Dennis Adzo, security researcher at the global research and analysis team at Kaspersky Lab
Dennis Adzo, security researcher at the global research and analysis team at Kaspersky Lab

Viewing:-130

In: Technology & Gadgets Asked By: [15171 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »