Outsmarting the Smart City

Conference:  Defcon 26



The presentation discusses the security flaws in smart city technology and the potential consequences of these vulnerabilities. It also explores the privacy implications of smart cities and the future of smart city tech.
  • Smart city technology encompasses a range of different technologies, including industrial systems, urban automation, public safety and emergency management technology, intelligent transportation systems, and metropolitan area networks.
  • There are serious privacy concerns with smart city technology, as citizens may not have the same choices they have in their own private homes.
  • The presentation focuses on newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology.
  • The vendors of the affected devices responded positively to the disclosure of the vulnerabilities and issued patches to fix them.
  • The presentation suggests that smart city technology vendors can learn from the security measures used in implantable medical devices, as updating these devices requires surgery and updating devices encased in concrete would require a jackhammer.
  • The future of smart city technology is discussed, including the potential for flying cars and other retro-futuristic technologies.
  • The presentation concludes by emphasizing the importance of addressing the security and privacy concerns of smart city technology.
The presenter shared that he holds the noble title of Baron in the micro nation of Sealand, and that he had to choose a different title than Research Director for his job at IBM due to 'director' being a reserved word. He joked that he pitched the title 'Tyrannical Research Dictator' but it was not well-received.


The term"smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences. In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.



Post a comment

Related work

Conference:  BlackHat USA 2018

Conference:  Defcon 31
Authors: Christian “quaddi” Dameff MD Physician & Medical Director of Cyber Security at The University of California San Diego, Jacqueline Burgette, DMD, PhD White House Fellow in The Office of National Cyber Director (ONCD), Jeff “r3plicant” Tully MD Anesthesiologist at The University of California San Diego, Nitin Natarajan Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA), Senator Mark Warner Virginia Senator and Chair of the US Cybersecurity Caucus, Suzanne Schwartz MD Director of the Office of Strategic Partnerships and Technology Innovation (FDA)

Conference:  BlackHat USA 2020