Recent Research & Whitepapers

The cybersecurity of a smart city involves both strategic planning for future cities and the recognition of issues in cities that already have ’smart’ components. Recent research undertaken by participants and partners of the Securing Smart Cities (SSC) initiative is made freely available to help prevent security errors when implementing and exploiting smart technologies in modern cities. Knowledge is power. To make your city cyber-safe, here you can find articles, whitepapers and other materials prepared by SSC participants and partners that offer a practical approach to the security of smart cities.

LoRaWAN Networks Susceptible to Hacking: Common Cyber Security Problems, How to Detect and Prevent Them

LoRaWAN is fast becoming the most popular wireless, low-power WAN protocol. It is used around the world for smart cities, industrial IoT, smart homes, etc., with millions of devices already connected.
The LoRaWAN protocol is advertised as having “built-in encryption” making it “secure by default.” As a result, users are blindly trusting LoRaWAN networks and not paying attention to cyber security; however, implementation issues and weaknesses can make these networks easy to hack.
Currently, cyber security vulnerabilities in LoRaWAN networks are not well known, and there are no existing tools for testing LoRaWAN networks or for detecting cyber attacks, which makes LoRaWAN deployments an easy target for attackers.
In this paper, we describe LoRaWAN network cyber security vulnerabilities and possible cyber attacks, and provide useful techniques for detecting them with the help of our open-source tools.

AUTHORS: Cesar Cerrudo, CTO, IOActive, Esteban Martinez Fayo, Director of Database Security, IOActive, Matias Sequeira, Security Researcher
Launch PDF
5G Security and Privacy for Smart Cities 

The 5G telecommunications revolution is imminent. It is the next generation of cellular network using the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serve as the
foundation for many futuristic technologies such as self-driving vehicles, remote and electronic healthcare services, energy efficiency systems, etc. Smart cities, intelligent power grids and defense facilities will be built based on all these new technologies. However, the security concerns of 5G are inescapable.  

AUTHORS: Amin Hasbini, Head of research center, META, Kaspersky, David Jordan, VP of Cyber Services and Smart Cities, Mission Secure Inc., Alan Seow, Cybersecurity Practitioner
CONTRIBUTORS: Cesar Cerrudo, CTO, IOActive  
Launch PDF

Securing the Smart City Olympics
The Olympic Games is key to spurring growth in technology; it is a high-profile occasion where each operational blunder can sprout away into a global crisis, leading to dire consequences. Because of the importance of information technology to the success of the event, one area of pivotal concern is cyber security.

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, Martin Tom-Petersen, CEO and Co-founder, Smart City Catalyst, Cesar Cerrudo, CTO, IOActive Labs
Launch PDF

The Smart Cities Internet of Access Control, opportunities and cybersecurity challenges
The Smart city is a fast advancing zone in urban planning and aged cities of today. This concept is based on the application of connected various systems in managing a city effectively. The smart cities internet of access control is a futuristic concept of connected access control systems distributed over an urban ecosystem, part of its critical infrastructure. Even though highly worrying and controversial concept to look at with current technological standards in addition to cybersecurity and privacy occurrences, if perfected, it could progress some of the current world’s most alarming complications like
traffic jams, crime, terrorism...

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, Martin Tom-Petersen, Client director and partner, Smart City Catalyst
Launch PDF

Smart Cities Cyber Crisis Management
Unlike current cities with independent operators and multiple stand-alone systems, smart cities will be themed by more centralized systems (virtually centralized not physically, e.g. in the cloud), automated tasks, integration of information, and correlation (Data Analytics). There are therefore considerable larger consequences of inadequately protected data, infrastructure and applications as they are used to process, transmit and store critical information. 

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, Raddad Ayoub, Advisory Partner – Africa, India and Middle East (AIM), Martin Tom-Petersen, Client director and partner, Smart City Catalyst, Loïc Falletta, Owner and Principal Security Consultant at Yinkozi, Ltd, David Jordan, CISO, Arlington County Government, Virginia, USA, Alan Seow, Cybersecurity Practitioner, Sandeep Singh, Security Consultant
Launch PDF

Smart cities appeal and 15 things that should not go wrong
Smart cities integrate technologies and innovations such as Big Data, mobile technologies, robotics, artificial intelligence and the Internet of Things (IoT) to change how humans interact, work and prosper. As much as the physical and virtual infrastructure interconnectivity in smart cities render them functional, they also add to their vulnerabilities, creating significant cybersecurity risks. 

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, James Mckinlay, Director, Praetorian Consulting International Limited, Martin Tom-Petersen, Client director and partner, Smart City Catalyst, Aseem Jakhar, Co-Founder – Payatu, hardwear.io, nullcon, null, Amgad Magdy, INVLAB Founder, IS Consultant, David Jordan, CISO, Arlington County Government, Virginia, USA
Launch PDF

Establishing a Safe and Secure Municipal Drone Program 
Whether you are a fan of them or not, it is becoming increasingly evident that drones will in fact play an important and even critical role in the smart city environment. Cities around the world are actively working to implement large-scale drone programs to support various functions ranging from medical, transportation and agricultural to emergency management and infrastructure protection. It is important that these drone systems be safe, stable, resilient and sustainable. 

AUTHORS: Brian Russell, Chief Engineer, Leidos, Mohamad Amin Hasbini Senior Security Researcher, Kaspersky Lab and Martin Tom-Petersen, Client director and partner, Smart City Catalyst 
Launch PDF
Fooling the 'Smart City'  
The concept of a smart city brings together many modern technologies and solutions. Smart city infrastructures develop faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals. 

AUTHORS:Denis Makrushin, Security Researcher at Kaspersky Lab, Vladimir Dashchenko, Research Developer, Critical Infrastructure Protection at Kaspersky Lab 
Launch PDF
(Ab)using Smart City  
Since these last few years our world has been getting smarter and smarter. We may ask ourselves: what does smart mean? It is the possibility of building systems which are nodes of a more complex network, digitally connected to the internet and to the nal users. Our cities are becoming one of those networks and over time more and more elements are getting connected to such network: from trac lights to information signs, from trac and surveillance cameras to transport systems. This last element, also called as Smart Mobility is the subject of our analysis.  

AUTHORS: Matteo Beccaro, Founder & CTO at Opposing Force, Matteo Collura, Researcher at Politecnico di Torino
Launch PDF

The Smart City Department Cyber Security role and implications  
Interest in the smart city concept has grown exponentially over the past few years, with top research being done in the Internet of Things (IoT) and urban domains to define, assess, and improve smart city services and offerings. In smart cities, information security plays a major role in protecting the higher levels of confidentiality, availability, and integrity as well as the stability that national services and organizations need to support sustainable and livable smart environments.  

AUTORS: Mohamad Amin Hasbini (Kaspersky Lab), Cesar Cerrudo (IOActive Labs), David Jordan (Arlington County Government, Virginia, USA), Ramzi El-Haddadeh (Qatar University), Alan Seow, (Cyber Security Practitioner), Samir Pawaskar, (Qatar Ministry of Information and Communications Technology Team). 
Launch PDF

Pen Testing a City 
How would you take down a city? How would you prepare for and defend against such an attack? The information security community does a great job of identifying security vulnerabilities in individual technologies and penetration testing teams help secure companies. At the next level of scale, however, things tend to fall apart... Read more in the Pentesting a City whitepaper. 

AUTORS: Gregory Conti (West Point), Tom Cross (Drawbridge Networks), and David Raymond (Virginia Tech) 
Launch PDF
Cyber Security Guidelines for Smart City Technology Adoption 
Interest in the smart city concept has grown continuously over in the past few years, with top research being done in the Internet of Things (IoT) and urban domains to define, assess, and improve smart city services and offerings. In smart cities, information security plays a major role in protecting the higher levels of confidentiality, availability, and integrity as well as the stability that national services and organizations need to support sustainable and livable smart environments.
The purpose of this document is to provide guidelines for public and private organizations when planning and organizing the selection and validation of smart city technologies. It describes the types of testing and assessments to consider in order to select the best and most secure vendors and technologies.

AUTHORS: Cesar Cerrudo, Amin Hasbini, Brian Russell
Launch PDF
Does CCTV put the public at risk of cyberattack?: How Insecure surveillance technology is working against you 
It is no secret that police departments and governments have been monitoring city streets for years, with security cameras proving invaluable in crime investigation and prevention. However, as a result of research conducted by Kaspersky Lab researcher Vasilios Hioureas and his fellow researcher Thomas Kinsey from Exigent Systems Inc., these systems could also be used in a harmful way.

AUTHORS: Vasilios Hioureas, Thomas (TK) Kinsey
Launch PDF
An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks
Cities around the world are becoming increasingly smart, which creates huge attack surfaces for potential cyber attacks. 
In this paper, IOActive Labs CTO Cesar Cerrudo provides an overview of current cyber security problems affecting cities as well real threats and possible cyber attacks that could have a huge impact on cities. Cities must take defensive steps now, and Cesar offers recommendations to help them get started. 

AUTHOR: Cesar Cerrudo
Launch PDF
Transformational ‘smart cities’: cyber security and resilience
This report will explore the requirements and challenges of creating a secure, reliable and resilient smart city. It will consider how administrations and the overall city ecosystems will need to provide innovative, resilient ‘smart’ solutions that leverage digital information while protecting against malicious violations, unintentional damage and natural disasters. 

AUTHOR:Giampiero Nanni
Launch PDF

Videos & Webinars

The Ultimate Tips to Implement a Secure Smart City Municipal Drone Program

AUTHOR: Amin Hasbini
Watch on YouTube
Smart City Security: Hacking and Securing Smart Cities
Modern cities are becoming smart by making use of new technologies for traffic control, public transport, street lighting, security, city  and resource management, and other improvements. These enhancements are extremely useful for citizens, however they come with inherent risk.
During this presentation from Cesar Cerrudo, CTO for IOActive, you will be shown how these technologies are vulnerable, as well as an overview of current and future threats. Cesar will also provide recommendations on how to improve a smart city’s security posture.

AUTHOR: Cesar Cerrudo
Watch on YouTube
Hacking Traffic Control Systems
Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) were the "terrorist hackers" manipulate traffic signals by just hitting Enter key or typing a few keys, I wanted to do that! so I started to look around and of course I couldn't get to do the same, that's too Hollywood style! but I got pretty close. I found some interesting devices used by traffic control systems on important cities such as Washington DC, Seattle, New York, San Francisco, Los Angeles, etc. and I could hack them. I also found that these devices are also used in cities from UK, France, Australia, China, etc. making them even more interesting. This presentation will tell the whole story from how the devices were acquired, the research, on site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited. 


AUTHOR: Cesar Cerrudo
Watch on YouTube

Presentations