
Smart city and IoT security vulnerabilities

  
Smart cities and IoT are here to stay. And going forward, with 5G, Elon Musk's satellite laser internet whatever system, and things like NB-IoT, LoRaWAN, microwaves and more, things will only become more vulnerable. And connected.

Hardware is hard. Margins can also be rough. Look at half the scams on Kickstarter and even crypto ICOs. Sell a vision to naive folks and never deliver anything real. Or deliver an insecure Raspberry Pi with no security features. The Intels of the world have vulnerabilities, much less some fly-by-night company selling a $9.99 sensor.

Security is hard. It's not sexy. Nobody cares till they have to care. Plain text passwords, lack of security knowledge: it's all easier and faster to just pretend security isn't real. Robinhood takes money from millennials and stores in plain text. Nice. Not really. But even the unicorns and hot companies get caught in this release-faster, who-cares-about-the-software-development-lifecycle-and-security-processes mindset. It is what it is, but it's real.

So what can be done about smart cities and IoT and this hatred for cryptography and encryption? The dislike of any cyber security protocols by politicians, government agencies and law enforcement agencies? This is bad. People who seem to be very uneducated when it comes to anything related to technology are passing laws and pushing their own agendas or corruptions.

Maybe it's not their fault. Maybe it is. Then again, transparency and real open data aren't a desire of any of these groups either. Somehow not wanting privacy and encryption, but needing it at the same time to hide their own secrets, is some massive weird unknown. It's a bit shady. And not good for anybody. Add this hate for encryption to the Facebooks building their own private bank and bypassing encryption by just putting more controls on phones to collect and spy, and it is a serious, serious issue.

So what can we do?

Well, for IoT and smart cities, encryption is useless if the devices are vulnerable. My company Pagarba does IoT and smart city vulnerability and pentesting. We do blockchain. From our perspective, a good idea and best practice, whether Pagarba or another firm, is some form of IoT security audit. Perform a full end-to-end checks-and-balances assessment, where you assess the network, data and device inventory, data and device classification, and application and device flow mapping, along with a thorough risk and privacy impact assessment. At this juncture you can even add drone mapping for physical security assessments. All this to drive appropriate protection for your IoT community, organization and smart cities.
