Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure

Re: Big data is junk

Most data is garbage. The problem is the data collection was often not thought out nor properly managed.

Re: Now all we need is a safe full of gold!!

Dump trucks, like in Die Hard. More room for gold, you, and a case of champagne; and good luck stopping it with a Fiat police car.

Re: Now all we need is a safe full of gold!!

Here's a chance to vicariously enjoy Mini Coopers, real ones not the ersatz Beemer variety.

https://www.youtube.com/watch?v=kuKYtRuDiuw

Re: Now all we need is a safe full of gold!!

Now the question: Are you the "Napster?"

I still like the HiFi that was demonstrated at the end of the movie.

Re: Now all we need is a safe full of gold!!

> Mini Coopers are a mite small

But the new ones are bigger than a some of the 1980s Corolla models. Sad when you think about it.

Re: Now all we need is a safe full of gold!!

The new MINI™ is the size of a small truck.

Re: Good find

These stories have popped up from time to time, as I recall. It's just like IoT, much lip service but nothing changes. But with Kaspersky jumping in, maybe someone will listen and actually do something about it.

Re: er...passwords *are* authentication, aren't they?

"No authentication of the road sensor to the client device."

There, that better? So you could pretend to be the traffic sensor and the client device would be none the wiser.

It's also not encrypted, so the password is broadcast over the air anyway. So the "authentication" here, in addition to being one-way, is also useless and might as well not exist.

Re: That's soooo easy to fix..

"Just drop the word "Smart" from such efforts,"

Especially since to most of the population outside of the US, smart doesn't mean what they think it means.

Hi Kev, this appears to be a bluetooth exploit, not a web-facing one. However no doubt it interfaces with a WAN connection *somewhere*. Only a matter of time...!

I can't speak for the city or agency involved here, but some it depends on the definition of "high security". We usually split security into confidentiality, integrity and so on: for some data, integrity and immutability matter far far more than confidentiality? For example, sensor data that have to be published later at some point anyway - it's far more important to make sure it can't be altered or data injected than to keep it top secret: a case-by-case analysis has to be undertaken, however, and it has to get possible to change.

For high integrity but "to be publishedl" grade info, i would say stuff should go to wherever shows the best cost/benefit IFF the integrity requirements can be met. As our internal storage typically costs 20 times AWS S3, for example, you can guess what that means for bulk / archives. Again, IFF the integrity requirement can be met.

For "high security data", it's not on the main network anyway. Entire systems run on private networks - but then you get a different problem: what do you with terabytes of archives when PHBs won't allow any capital spending on IT equipment for things that aren't safety critical or aren't public-facing? Archive offline & lose the ability to do trending / long-term work other than on samples? Say "but we need to spend it to meet your other requirements" and be told "ok but your overall budget is going down this year and next, so you have to find savings elsewhere to cover it, with no loss in functionality"?

For a sensor that's embedded in the middle of the road?

Even stuff that's on the footpath, this is going to be impractical.