While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired and deployed after very little (or even no) security testing.
Cesar Cerrudo, CTO at IOActive and board member of the Securing Smart Cities initiative, says that city governments – the buyers of these technologies – often blindly trust vendors when they say that their products are secure.
They ask vendors to fill out a questionnaire containing questions such as “Does your product use authentication?”, “Does your product use encryption?”, “Does your product …?” but don’t bother to check whether the answers are true or whether everything works as it should and security features are strong and don’t sport glaring vulnerabilities.