Sunday, July 28, 2019

Smart city and IoT security vulnerabilities

  
Smart cities and IoT is here to stay. And going forward , 5g,  Elon Musks satellites laser internet whatever system and things like nb-iot, lorawan, microwaves and more , things will only become more vulnerable. And connected.

  Hardware is hard.  Margins can also be rough.  Look at half the scams on Kickstarter and even crypto ICOs.  Sell a vision to naive folks and never deliver anything real.  Or deliver an insecure raspberry pi with no security features. The Intel's of the world have vulnerabilities much less some fly by night sell some $9.99 sensor company.

   Security is hard.  It's not sexy. Nobody cares till they have to care.  Plain text passwords, lack of security knowledge, it's all easy and faster to just pretend security isn't real.  Robinhood takes money from millennials and stores in plain text. Nice.  Not really. But even the unicorns and hot companies get caught in this release faster and who cares about software development lifecycle and security processes.   It is what it is , but real.

So what can be done about smart cities and IoT and this hatred for cryptography and encryption? The dislike of any cyber security protocols  by the politicians,  government agencies and law enforcement agencies? This is bad.  People who seem to be very uneducated when it comes to anything related to technology are passing laws and pushing their own agendas or corruptions.

Maybe it's not their fault. Maybe it is. Then again transparency and real open data  isn't a desire from any of these groups either.  Somehow not wanting  privacy and encryption , but needing it at the same time  to hide their own secrets is some massive weird unknown. It's a bit shady. And not good for anybody.  Add this hate for encryption to the Facebook's building their own private bank and bypassing encryption by just putting more controls on phones to collect and spy,  is a serious serious  issue. 

So what can we do ?

Well for IOT and smart cities , encryption is useless if the devices are vulnerable.  My company Pagarba does IoT and smart city vulnerability and pentesting.  We do blockchain. From our perspective, A good idea and best practice, whether pagarba or another firm,  is some form of IoT security audit. Perform a full end to end checks and balances assessment. Where you  assess the network,  data and device inventory, data and device classification, application and device  flow mapping,  along with a thorough risk and privacy impact assessment.  At this juncture you can even add drone mapping for physical security assessments. All this to drive appropriate protection for your IoT community, organization and smart cities. 

Smart city IoT is here ...

Pagarba (pagarba.io) worked on some real time location tracking sensors and data collection projects.   We've been diving into radio frequencies, Lora , lorawan and private decentralized mesh networks lately to build better smarter Internet of things systems.  Good stuff. Interesting city.

" Wireless sensors can be used to monitor traffic data and analytics.  An ongoing pilot program on lower Union Street aims to count vehicles with the goal of reducing flow and idling. Traffic patterns differ between sport utility vehicles and compact cars. With a better understanding of the types of vehicles on city streets, the city can schedule traffic lights more efficiently. Data will also allow vehicles can be re-routed in the event of a crash or some other kind of large-scale event. "

Ecommerce cybersecurity risk assessments are important

 Securing eCommerce Growth:  A Guide to Cyber Risk Assessments for Online Retail Platforms The internet and e-commerce platforms provide inv...