Your city's not smart if it's vulnerable, says hacker

"Real world hacker" Cesar Cerrudo has blasted vendors, saying they're stopping security researchers from testing smart city systems, and as a result they're being sold with dangerous unchecked vulnerabilities. The warning will be detailed at RSA San Francisco this week, and comes a year after the IOActive chief technology …

  1. Ole Juul

    Insurance companies might want to hear this talk.

    Governments and/or insurance companies demanding some kind of certification will help clear things up. Until then, vendors will continue selling whatever someone will buy.

    1. Robert Helpmann??
      Childcatcher

      Re: Insurance companies might want to hear this talk.

      "Governments and/or insurance companies demanding some kind of certification will help clear things up."

      Won't happen, at least until things go disastrously wrong. There is no such thing as a proactive government entity. To be sure, this equipment will be tested. The only question is whether it will be white hats or black hats doing the testing first. I guess this article points out which it will be.

      1. Sir Runcible Spoon
        Joke

        Re: Insurance companies might want to hear this talk.

        Don't worry, they'll just pass a law saying that accessing these things will constitute a terrorist activity and that will sort everything out.

    2. Jason Bloomberg Silver badge

      Re: Insurance companies might want to hear this talk.

      In Europe one would hope the EU could come up with some regulation insisting on security across the bloc and every government would comply with such regulation.

      Of course, some see that as a bad thing in principle and will actively oppose regulation. Some even want to leave or opt-out of the EU as what may help society as a whole is often "bad for business" or imposes additional costs.

      Governments seem to prefer to pay the cost of failure later than pay the cost for protection now. As long as failure doesn't happen on their watch they can blame others for their own failings.

  2. big_D

    Italian Job

    Charlie's team showed how lax security was on the "smart" traffic system in Turin in 1969. It looks like nothing has improved since then...

    1. LucreLout

      Re: Italian Job

      "It looks like nothing has improved since then..."

      Certainly not the mini anyway...

    2. VinceH

      Re: Italian Job

      "Charlie's team showed how lax security was on the "smart" traffic system in Turin in 1969. It looks like nothing has improved since then..."

      A more up to date documentary on the subject suggests it's even worse since then.

  3. Cliff

    It's only taxpayers money, who cares?

    Spend high on shiny new kit chasing the promised few dollars savings it generates - then spend infinitely more trying to restore your city and more again to upgrade and fix the string vest code.

    There's always an option when it comes to spending on fancy new systems - 'do nothing or go manual'. Most project teams overlook it because it's not seedy, no toys, doesn't generate headlines, doesn't shiny the CV, but it's essential. I worked for one of the really big software companies who delivered payslips electronically. The system was a mess and poked holes in the corporate security, and had to be replaced. Because of the increased security risk, running on extended warranty hardware on obsolete OS, using dedicated data centre capacity, etc., this was very expensive to keep alive. I costed out printing the payslips centrally (first thing anyone ever did with their electronic ones was print them anyway, on higher cost per impression printers) and delivering them via internal mail, savings were five figures per year. There's a lot to be said for not using technology 'just because', and I'm speaking as an avid technologist!

    1. Charles 9

      Re: It's only taxpayers money, who cares?

      And if "do nothing" and "go manual" aren't options for legal or "political" reasons?

      1. Cliff

        Re: It's only taxpayers money, who cares?

        Can't help you there - you voted for 'em! ;)

        1. Charles 9

          Re: It's only taxpayers money, who cares?

          Actually, I didn't. But what's one smart vote when up against ten stupid votes? And when the choices (if any) are down between Tweedledum and Tweedledummer?

  4. amanfromMars 1 Silver badge
  5. Alan Denman

    Info = fewer suckers

    Hard sell to the suckers is the par for the course.

    Remember, even in the PFI scandal, all the top brass kept their millions.

    No one went to jail! Shareholders got the bill (the pension funds for the likes of you and me)

    1. Charles 9

      Re: Info = fewer suckers

      Problem is, the average capacity for information's already there, meaning the average person just wants to get to tomorrow and doesn't really have the patience to think in longer terms.
