![Page 1: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/1.jpg)
SESSION ID:
#RSAC
Denis Legezo
Smart Megalopolises. How Safe and Reliable Is Your Data?
TECH-T09
Global Research and Analytics Team, Kaspersky Lab@Legezo
![Page 2: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/2.jpg)
#RSAC
Megalopolises are changing fast
2
![Page 3: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/3.jpg)
#RSAC
The plan for today
3
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 4: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/4.jpg)
#RSAC
Why cities need all this stuff?
4
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 5: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/5.jpg)
#RSAC
Why do cities have be smart?
5
Investments
Staff
Infrastructure
Data centers
Operation center
![Page 6: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/6.jpg)
#RSAC
Raw data for planning
6
![Page 7: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/7.jpg)
#RSAC
…And for traffic management
7
Possible to use for the traffic lights
Counting vehicles number and change timings
Counting pedestrians as well
![Page 8: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/8.jpg)
#RSAC
Radars are the source of such data
8
![Page 9: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/9.jpg)
#RSAC
The first phase
9
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 10: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/10.jpg)
#RSAC
Appearance is a great help
10
![Page 11: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/11.jpg)
#RSAC
..Any IDs you can get are also
11
MACs
Names
Any IDs
![Page 12: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/12.jpg)
#RSAC
What we are gathering?
12
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 13: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/13.jpg)
#RSAC
Look, interfaces
13
![Page 14: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/14.jpg)
#RSAC
And a lots of data on-board
14
![Page 15: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/15.jpg)
#RSAC
What's inside the data?
15
Vehicle type
Number of vehicles
Median speed
Station occupancy
![Page 16: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/16.jpg)
#RSAC
The Holy Grail
16
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 17: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/17.jpg)
#RSAC
Can we add some functions?
17
Through interface
Debugger?
Commands?
What is format?
![Page 18: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/18.jpg)
#RSAC
Format looks like iHex or SREC
18
![Page 19: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/19.jpg)
#RSAC
But for which controller is it?
19
![Page 20: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/20.jpg)
#RSAC
LinkedIn isn't only for HR
20
![Page 21: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/21.jpg)
#RSAC
..but it happens anyway
21
For me in a blackbox mode it looks like dead end
But does it means dead end at all?
Of course not!
![Page 22: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/22.jpg)
#RSAC
Even with the stock firmware..
22
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 23: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/23.jpg)
#RSAC
Reconnaissance first
23
I started with script + C
Bluetooth tools
adb to get GPS from phone
C code for sending
What to send?
![Page 24: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/24.jpg)
#RSAC
Commands are partly known
24
![Page 25: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/25.jpg)
#RSAC
So we can automate
25
![Page 26: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/26.jpg)
#RSAC
Sensor will answer
26
![Page 27: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/27.jpg)
#RSAC
What about the small DDoS?
27
Driving by, changing settings
Time: all traffic at night
Types: all traffic trucks
![Page 28: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/28.jpg)
#RSAC
Python + PostgreSQL seems better
28
![Page 29: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/29.jpg)
#RSAC
Resolve vendor and address offline
29
![Page 30: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/30.jpg)
#RSAC
What to do further and else?
30
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 31: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/31.jpg)
#RSAC
Side effects
31
Gather Wi-Fi data and filter it with Postgres views
MACs can be anonymous
WEP is still alive
![Page 32: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/32.jpg)
#RSAC
Where is always place for fuzzing
32
Where are undocumented commands
![Page 33: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/33.jpg)
#RSAC
So much other stuff
33
![Page 34: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/34.jpg)
#RSAC
...even speeding penalties
34
Smart cities security perimeter if huge
So is the surface of attacks
Different authorities are in charge of the infrastructure
![Page 35: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/35.jpg)
#RSAC
...And tools
35
![Page 36: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/36.jpg)
#RSAC
What to apply?
36
Change appearance and default names
Don't rely only on standard authentication
Cooperate with third-party researches
Think a little bit like malefactor or hire someone who can
I know embedded devices vendors with generous bug bounty program. Respect
Cities also could participate
![Page 37: SESSION ID: TECH-T09 Smart Megalopolises. How Safe and ... · SESSION ID: #RSAC Denis Legezo Smart Megalopolises. How Safe and Reliable Is Your Data? TECH-T09 Global Research and](https://reader036.vdocuments.site/reader036/viewer/2022070720/5ee11648ad6a402d666c184c/html5/thumbnails/37.jpg)
#RSAC
Summary
37
Smart city infrastructure is visible due to ID
Kudos to vendor, firmware is strong
Automation is possible with change of any settings
Interesting side effects with wireless protocols
Go further!