New research conducted by Kaspersky lab experts has revealed that a number of the components that make up smart cities such digital kiosks, interactive terminals and speed cameras are vulnerable to cyber-attacks.
The findings of the firms research shed light on how the digital components aimed towards making life safer and more convenient for citizens actually pose a certain degree of threat to their data and safety.
Despite appearing different outwardly, ticket terminals in cinemas, bike rental terminals, service kiosks in government organisations, booking and information terminals at airports and infotainment terminals in city taxis all are either Linux-based, Windows-based or Android-based. What separates these kiosks from ordinary devices is the special kiosk-mode software that serves as their user interface.
An attacker who is able to access the functions that are restricted to the average user opens up a number of opportunities to compromise the system in much the same way that an ordinary PC can be compromised. By gaining access to a virtual keyboard and mouse pointer, it is possible for an attacker to launch malware, get information on printed files, obtain the device's administrator password or do any number of malicious actions using its systems.
Denis Makrushin, security expert at Kaspersky Lab, said: “Some public terminals we’ve investigated were processing very important information, such as user’s personal data, including credit card numbers and verified contacts (for instance, mobile phone numbers). Many of these terminals are connected with each other and with other networks. For an attacker, they may be a very good surface for very different types of attacks – from simple hooliganism, to sophisticated intrusion into the network of the terminal owner.
“Moreover, we believe that in the future, public digital kiosks will become more integrated in other city smart infrastructure, as they are a convenient way to interact with multiple services. Before this happens, vendors need to make sure that it is impossible to compromise terminals through the weaknesses we’ve discovered."
Another security expert at Kaspersky Lab, Vladimir Dashchenko, offered further details on the firm's findings regarding speed cameras, saying: “In some cities, speed control camera systems track certain lines on the highway - a feature which could be easily turned off. So, if an attacker needs to shut down the system at a certain location for a period of time, they would be able to do that.”
“Considering that these cameras can be, and sometimes are, used for security and law enforcement purposes, it is really easy to imagine how these vulnerabilities can assist in crimes like car theft and others. It is therefore really important to keep such networks protected at least from direct web access”
Image Credit: Jamesteohart / Shutterstock