Skip to main content

Today, hacks are annoying. In future smart cities, they could kill

Image used with permission by copyright holder

Lax computer security is something everybody complains about, but no one does anything to fix it. Witness the egregious examples of security lapses ranging from Equifax to Yahoo that have compromised the personal data of billions of people.

But that lackadaisical attitude toward cybersecurity is going to have to change if smart cities are going to succeed. As more of a city’s physical infrastructure relies on connected services to control everything from traffic lights to the power grid, the more vulnerable it potentially becomes—and the more dangerous it becomes for citizens walking its streets.

Cities across the globe are installing technology to gather data in the hopes of saving money, becoming cleaner, reducing traffic, and improving urban life. In Digital Trends’ Smart Cities series, we’ll examine how smart cities deal with everything from energy management, to disaster preparedness, to public safety, and what it all means for you.

Until now, the compromised security at businesses like Dunkin’ Donuts, Marriott’s SPG loyalty program, and Quora has been, for many people, a mere annoyance. True, the breach at Marriott involved as many as 500 million customers and their passport information, a costly mistake that could run into billions of dollars if the documents have to be replaced. But in general, cyber fraud and identity theft has become an accepted cost of the convenience of leading a digital life.

However, such security mistakes could prove fatal in smart cities of the future where everything from public transportation to water filtration systems rely on the integrity of a municipality’s cyber connections.

Perhaps nowhere is the threat more keenly perceived than in the nexus between self-driving vehicles and a city’s traffic infrastructure. What would happen, security researchers worry, if such communications were interrupted or, even worse, falsified? Could cars and buses be sent careening at each other at full speed or remotely directed to speed over sidewalks into pedestrians and buildings?

Argus Cyber Security

Fortunately, several security focused companies, such as Argus and Upstream, have been working for some time in the connected car space, trying to button down automotive systems. Argus demonstrated some of the vulnerabilities to Digital Trends by using a known hack to remotely turn on a Jeep’s headlights, windshield wipers, and even brake the car while this reporter was driving the vehicle. It’s an unnerving experience, to say the least. But imagine hundreds of cars all being remotely controlled by digital pirates looking to cause citywide mayhem.

Lackadaisical attitude toward cybersecurity is going to have to change if smart cities are going to succeed.

Such scenarios are the stuff of engineers’ nightmares. So automakers have been building out their own security operation centers, anticipating the connected future. Major parts suppliers have also been expanding their offerings. (German auto systems company Continental acquired Argus, for example.) In general, such security work has focused on watching for nefarious communications with cars, anticipating hacks before an incursion can occur.
But beyond self-driving cars, smart cities require a broader approach.

So last month BlackBerry announced it was going to make a security credential management system (SCMS) freely available to cities and automakers working on smart city projects. The idea: use a public key-based certificate system to authenticate transmitted instructions and information between transportation systems and the municipal infrastructure. It would ensure, for example, that a message from the city’s traffic system that a light ahead was turning red was genuine, so that self-driving cars would stop in time. Conversely, an ambulance could turn lights ahead green and send warnings to other vehicles on the road. Such vehicle-to-infrastructure and vehicle-to-vehicle (V2X) communications need to be virtually instantaneous and reliable to ensure safety.

Jim Alfred, the head of BlackBerry’s Certicom product group, told Digital Trends during a press conference that such certificates would be generated on the fly, so that they couldn’t be spoofed or faked. Furthermore, the cloud-based approach would be fast enough to accommodate the needs of such V2X systems, including alerts about accidents or sudden changes in road conditions ahead.

BlackBerry, which has arguably more experience with in-car systems via its QNX division than any other company, also said that the communications between vehicle and infrastructure would remain anonymized to maintain privacy. The initial tests of the company’s system will take place early this year in coordination with the Invest Ottawa development program and its supported 10-mile autonomous vehicle test track in Canada’s capital.

Ottawa's Autonomous Vehicle Ecosystem
Ottawa’s Autonomous Vehicle Ecosystem Invest Ottawa

[Toronto wants to get smart, but citizens are concerned about privacy.]
The need for such a secure communications system has been noted by the U.S. Department of Transportation, but no standard has yet been proposed. That means municipal governments are on their own when it comes to ensuring the reliability and safety of such systems.

Further underscoring the issue, cybersecurity is a moving target. As new services like smart city integration come online, it opens up new attack vectors and more opportunities for new hacking techniques. Mozilla, for example, recently noted the lack of security on popular drones from DJI and Parrot, a concern as cities look to such unmanned aircraft to assist first responders and law enforcement–never mind the kind of disruptions caused by rogue drones at London’s Gatwick airport. And as has been painfully demonstrated over the past couple of years, larger companies have been unable to stay ahead of such threats on their own. So many businesses and governments are looking to smaller security startups for help.

In New York City, a new Global Cyber Center is being created for just such a purpose under the direction of the New York City Economic Development Corporation. Last fall, the city selected the Israeli firm, SOSA, to establish and manage the center, which will bring together venture capitalists, security startups, and Fortune 500 companies seeking solutions to tomorrow’s digital threats.

“The biggest worry is about autonomous vehicles where one single hack can go global,” Uzi Scheffer, SOSA’s CEO, told Digital Trends. He said the fact that New York is also a global financial center makes it an even more attractive target for hackers.

“The biggest worry is about autonomous vehicles where one single hack can go global.”

SOSA expects the 15,000-square-foot Global Cyber Center will open in Manhattan’s Chelsea neighborhood by the spring. It’s intended to be a launching pad for new security initiatives that larger corporate and municipal clients can tap into. But it’s also going to take a significant amount of money: $30 million from the city and a reported $70 million from private partners.

Obviously, not every municipality can attract such substantial investments or afford such vertically oriented technology initiatives. Hence, the need for a security standard is rapidly becoming one of the more pressing problems for smart cities looking to integrate intelligent systems. Whether we’ll see the adoption of such an industry standard or see a service like that from Blackberry become a de facto standard for cities to build on, remains to be seen.

Editors' Recommendations

John R. Quain
John R. Quain writes for The New York Times, Men's Journal, and several other publications. He is also the personal…
Don’t buy the Meta Quest Pro for gaming. It’s a metaverse headset first
Meta Quest Pro enables 3D modeling in mixed reality.

Last week’s Meta Connect started off promising on the gaming front. Viewers got release dates for Iron Man VR, an upcoming Quest game that was previously a PS VR exclusive, as well as Among Us VR. Meta, which owns Facebook, also announced that it was acquiring three major VR game studios -- Armature Studio, Camouflaj Team, and Twisted Pixel -- although we don’t know what they’re working on just yet.

Unfortunately, that’s where the Meta Connect's gaming section mostly ended. Besides tiny glimpses and a look into fitness, video games were not the show's focus. Instead, CEO Mark Zuckerberg wanted to focus on what seemed to be his company’s real vision of VR's future, which involves a lot of legs and a lot of work with the Quest Pro, a mixed reality headset that'll cost a whopping $1,500.

Read more
Meet the game-changing pitching robot that can perfectly mimic any human throw
baseball hitter swings and misses

Who’s your favorite baseball pitcher? Shane McClanahan? Sandy Alcantara? Justin Verlander? Whoever you said, two of the top sports-tech companies in the U.S. -- Rapsodo and Trajekt Sports -- have teamed up to build a robot version of them, and the results are reportedly uncannily accurate.

Okay, so we’re not talking about walking-talking-pitching standalone robots, as great a sci-fi-tinged MLB ad as that would be. However, Rapsodo and Trajekt have combined their considerable powers to throw a slew of different technologies at the problem of building a machine that's able to accurately simulate the pitching style of whichever player you want to practice batting against -- and they may just have pulled it off, too.

Read more
The best portable power stations
EcoFlow DELTA 2 on table at campsite for quick charging.

Affordable and efficient portable power is a necessity these days, keeping our electronic devices operational while on the go. But there are literally dozens of options to choose from, making it abundantly difficult to decide which mobile charging solution is best for you. We've sorted through countless portable power options and came up with six of the best portable power stations to keep your smartphones, tablets, laptops, and other gadgets functioning while living off the grid.
The best overall: Jackery Explorer 1000

Jackery has been a mainstay in the portable power market for several years, and today, the company continues to set the standard. With three AC outlets, two USB-A, and two USB-C plugs, you'll have plenty of options for keeping your gadgets charged.

Read more