Outsmarting the Smart City

Conference:  BlackHat USA 2018



The presentation discusses the security flaws in smart city technology and the potential consequences of these vulnerabilities. It also explores the privacy concerns of smart cities and the future of smart city technology.
  • Smart city technology encompasses a range of different technologies, including industrial systems, urban automation, public safety and emergency management technology, intelligent transportation systems, and metropolitan area networks.
  • There are serious privacy concerns with smart city technology, as citizens may not have the same choices they have in their own private homes.
  • The presentation focuses on newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology.
  • The implications of successful attacks on smart city technology could have serious consequences.
  • Implantable medical devices offer lessons for smart city technology vendors, as updating these devices can be difficult once they are implanted.
  • The vendors of the smart city devices responded positively to the disclosure of the vulnerabilities and issued patches to fix them.
  • Testing smart city devices could be expanded as a public service.
  • The future of smart city technology is discussed.
The speaker shared that he holds the noble title of Baron in the micro nation of Sealand, and that he had to choose a different title than Research Director for his position at IBM due to 'director' being a reserved word. He also shared that he pitched the title 'Tyrannical Research Dictator', but it was not accepted.


The term "smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences. In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.



Post a comment

Related work

Conference:  Defcon 26

Conference:  Defcon 31
Authors: Christian “quaddi” Dameff MD Physician & Medical Director of Cyber Security at The University of California San Diego, Jacqueline Burgette, DMD, PhD White House Fellow in The Office of National Cyber Director (ONCD), Jeff “r3plicant” Tully MD Anesthesiologist at The University of California San Diego, Nitin Natarajan Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA), Senator Mark Warner Virginia Senator and Chair of the US Cybersecurity Caucus, Suzanne Schwartz MD Director of the Office of Strategic Partnerships and Technology Innovation (FDA)

Conference:  BlackHat USA 2020