View
1
Download
0
Category
Preview:
Citation preview
SESSION ID:
#RSAC
Denis Legezo
Smart Megalopolises. How Safe and Reliable Is Your Data?
TECH-T09
Global Research and Analytics Team, Kaspersky Lab@Legezo
#RSAC
Megalopolises are changing fast
2
#RSAC
The plan for today
3
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Why cities need all this stuff?
4
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Why do cities have be smart?
5
Investments
Staff
Infrastructure
Data centers
Operation center
#RSAC
Raw data for planning
6
#RSAC
…And for traffic management
7
Possible to use for the traffic lights
Counting vehicles number and change timings
Counting pedestrians as well
#RSAC
Radars are the source of such data
8
#RSAC
The first phase
9
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Appearance is a great help
10
#RSAC
..Any IDs you can get are also
11
MACs
Names
Any IDs
#RSAC
What we are gathering?
12
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Look, interfaces
13
#RSAC
And a lots of data on-board
14
#RSAC
What's inside the data?
15
Vehicle type
Number of vehicles
Median speed
Station occupancy
#RSAC
The Holy Grail
16
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Can we add some functions?
17
Through interface
Debugger?
Commands?
What is format?
#RSAC
Format looks like iHex or SREC
18
#RSAC
But for which controller is it?
19
#RSAC
LinkedIn isn't only for HR
20
#RSAC
..but it happens anyway
21
For me in a blackbox mode it looks like dead end
But does it means dead end at all?
Of course not!
#RSAC
Even with the stock firmware..
22
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Reconnaissance first
23
I started with script + C
Bluetooth tools
adb to get GPS from phone
C code for sending
What to send?
#RSAC
Commands are partly known
24
#RSAC
So we can automate
25
#RSAC
Sensor will answer
26
#RSAC
What about the small DDoS?
27
Driving by, changing settings
Time: all traffic at night
Types: all traffic trucks
#RSAC
Python + PostgreSQL seems better
28
#RSAC
Resolve vendor and address offline
29
#RSAC
What to do further and else?
30
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
#RSAC
Side effects
31
Gather Wi-Fi data and filter it with Postgres views
MACs can be anonymous
WEP is still alive
#RSAC
Where is always place for fuzzing
32
Where are undocumented commands
#RSAC
So much other stuff
33
#RSAC
...even speeding penalties
34
Smart cities security perimeter if huge
So is the surface of attacks
Different authorities are in charge of the infrastructure
#RSAC
...And tools
35
#RSAC
What to apply?
36
Change appearance and default names
Don't rely only on standard authentication
Cooperate with third-party researches
Think a little bit like malefactor or hire someone who can
I know embedded devices vendors with generous bug bounty program. Respect
Cities also could participate
#RSAC
Summary
37
Smart city infrastructure is visible due to ID
Kudos to vendor, firmware is strong
Automation is possible with change of any settings
Interesting side effects with wireless protocols
Go further!
#RSAC
Denis.Legezo@kaspersky.com
Denis Legezo
Recommended