'Supervillain-Level' Cyberattack Test on Cities Uncovers Shocking Flaws

Experts warn “supervillain-level” cyberattacks are no longer far-fetched—they are a real threat. iStock

In Hollywood movies, it's common to see a stereotypical hacker infiltrate a city's infrastructure and wreak havoc by tinkering with traffic lights or alarm systems. In reality, experts warn that "supervillain-level" cyberattacks are no longer far-fetched—they are a real threat.

Research unveiled today shows how vulnerabilities in "smart city" technology could be compromised by hackers. Bugs were found in major cities in the U.S. and Europe, with teams from IBM and Threatcare disclosing a series of "disturbing" scenarios that could soon play out for real. These included the abuse of flood warnings, radiation alarms and, yes, traffic networks.

"If someone, supervillain or not, were to abuse vulnerabilities like the ones we documented in smart city systems, the effects could range from inconvenient to catastrophic," a report said.

The experts were inspired by the recent incident in Hawaii in which an alert warned citizens that a ballistic missile was inbound. The blaring island alarms, made in error, caused mass panic. Research found 17 major flaws in four smart city systems, eight of which were labeled "critical." They spotted basic errors, including weak passwords and basic authentication flaws.

The tested devices, IBM's X-Force cyberdivision said, fell into three main categories: intelligent transportation systems, disaster management and the industrial Internet of Things (IoT).

The team discovered hundreds of devices were exposed to "remote access" via the internet. Just like Die Hard 4 (ahead of its time, it seems) it warned "panic attacks" are now a real possibility.

"The effects of vulnerable smart city devices are no laughing matter, and security around these sensors and controls must be a lot more stringent," wrote IBM's Daniel Crowley. Each of the affected vendors were notified of the security issues and have issued patches, he said.

"Attackers could manipulate water level sensor responses to report flooding in an area where there is none—creating panic, evacuations and destabilization," Crowley wrote. In another example, he said: "Controlling additional systems could enable an attacker to set off a string of building alarms or trigger gunshot sounds on audio sensors across town, further fueling panic."

The findings show that it is not just electric grid hacking that may soon cause chaos in the U.S. Researchers recently said a new group of cybercriminals were probing critical networks.

"Pick your favorite crime action movie from the last few years, and there's a good chance that some hacker magically controls traffic signals and reroutes vehicles," the IBM expert noted.

"Things in the real world can be even less complicated."

The effects of a smart city hack could range from "inconvenient to catastrophic,” a report said. iStock