Vasili Hioureas, malware analyst at Kaspersky Lab
Last year, to help us prepare for our presentation at Defcon 22, TK from Exigent and I researched and presented on the insecurity of city surveillance. The research started out as a casual experiment. Neither of us was involved with any kind of smart city security organization, and attempting to hack into a city’s surveillance systems was purely down to our own curiosity.
Normally, a lot of thought and planning goes into choosing what we decide to research for a given project. However, when the opportunity to investigate the security of an easy target presents itself, it’s hard to turn it down.
We quickly discovered just how vulnerable these systems can be, and many of these vulnerabilities were the result of system misconfiguration.
A few simple changes in setup would have put up enough of a barrier to stop the city we investigated from making itself such an easy target. If we had been on the other side of the fence (malicious hackers) and this exact scenario had presented itself to us as it did, the result would most likely have been a crime of opportunity, in that the hacker may not have initially planned to attack. The mentality here is: why spend time and effort when you can just grab the low-hanging fruit?
We hoped that the findings of our research would be of interest to cities deploying surveillance networks and that they would take them on board in order to prevent such potential attacks. However, in the last few days I have revisited some of these cities, almost a year after we presented our research. I was surprised to find them still relatively insecure. While doing my field research, I saw that (likely as a result of our research) they had enabled WEP encryption on their devices. We had actually commented on this in one of our follow-ups, so I was a bit shocked that this was still the case.
It is widely acknowledged that WEP is horribly insecure. You can easily download a few free tools that will allow ANYONE to crack WEP within minutes. The fact that they chose to keep WEP as their encryption method of choice despite this suggests that they do not know how to better secure their systems, or that they do not quite understand the potential dangers. This is why, even a year later, I wanted to write the following article detailing the vulnerable systems and providing a HOW-TO guide for making sure these surveillance networks are no longer open to attack.