Smart  Citiesin  the  IoT EraMatteo  Beccaro ||  IoT Tech  Expo

Berlin  – June  14th,  2016

Me  ||

§ Matteo  Beccaro

§ Founder&  Chief  Technology  Officer  at  Opposing  Force§ The  first  Italian  company  specialize  in  offensive  physical  security

§ Twitter:  @_bughardy_  |  @_opposingforce

§ Web:  www.opposingforce.it

Starting  from  May  2016Opposing  Force  is  member  of

Agenda  ||

§ Smart  cities  building  technologies

§ Smart  transportation  systems

§ The  role  of  cyber-­‐physical  security

§ Smart  parking  meter  case  study

Agenda  ||

§ Smart  cities  building  technologies

§ Smart  transportation  systems

§ The  role  of  cyber-­‐physical  security

§ Smart  parking  meter  case  study

Smart  transportation  systems

Smart  transportation  systems  ||

§ Smart  traffic  control

§ Smart  parking  

§ Smart  street  lighting

§ Smart  public  transport  system

Smart  resources  systems

Smart  resources  systems  ||

§ Smart  energy  management

§ Smart  water  management

§ Smart  waste  management

Smart  security  and  safety  systems

Smart  security  and  safety  systems  ||

§ Connected  security  cameras

§ Connected  alarm  systems  

§ Connected  safety  systems

§ Connected  access  control  systems

Agenda  ||

§ Smart  cities  building  technologies

§ Smart  transportation  systems

§ The  role  of  cyber-­‐physical  security

§ Smart  parking  meter  case  study

let’s  see  the  taxonomy ofsmart  transportation  systems

Citizens

Smart  Traffic  Control

Smart  Lighting  Control Smart  Transportation

Smart  Parking  System

Smart  Traffic  Control

Smart  Lighting  Control Smart  Transportation

Smart  Parking  System

Citizen

going  more  in  details…

Smart  transportation  systems  ||Physical  world  data

Physical  world  data

Agenda  ||

§ Smart  cities  building  technologies

§ Smart  transportation  systems

§ The  role  of  cyber-­‐physical  security

§ Smart  parking  meter  case  study

the  smart security

securing  the  ecosystem

The  role  of  cyber-­‐physical  security  ||

Edge  domain  security  ||

Device Issues Impact Risk

Traffic  Sensors

Identities validation MiTM attacks High

Data  integrity Data spoofing High

Data  confidentiality Data sniffing Low

Data  availability Denial  of  Service Medium

Cloud  domain  security  ||

Device Issues Impact Risk

Admin  Panel

Authorization process Authorization   bypass High

Authentication process Authentication  bypass High

Data  validation SQL  Injection,  XSS,  etc. High

Data storing  process Data leakage Medium

Client  domain  security  ||

Device Issues Impact Risk

Mobile App

Data  storage Data  leakage Medium

Communication  process MiTM attacks Medium

Hardcoded  credentials Secrets/keys  leakage High

Authentication  process Authentication  bypass High

..and  definitely:  assess  the  securityof  your  products,  always..

Agenda  ||

§ Smart  cities  building  technologies

§ Smart  transportation  systems

§ The  role  of  cyber-­‐physical  security

§ Smart  parking  meter  case  study

Smart  parking  meter  case  study  ||

Sorry..  we  are  still  working  with  the  vendor  for   fixingthe  hardware  and  software  bugs  we  found..

Smart  parking  meter  case  study  ||

CLIENT  DOMAINEDGE  DOMAIN CLOUD  DOMAIN

USB GSM

NFC

Smart  parking  meter  case  study  ||

CLIENT  DOMAINEDGE  DOMAIN CLOUD  DOMAIN

No  data  validation

Trust  in  the  Edge  Device  provided  information

Stay  tuned!details  on  our  research  will  be  presented

at  DEF  CON  24  in  Vegas

Q&A  ||

Any  question?Don’t  be  shy..

Thank  you

Contacts  – engage@opposingforce.it  ||  www.opposingoforce.it  ||  @_opposingforce