“Smart” infrastructure has become one of the buzziest bits of IT jargon over the last year, thanks to massive marketing pushes from companies including IBM, HP, and Cisco. The big idea: putting sensors everywhere that communicate in a mesh network and allow real-time tracking and optimization of everything from traffic to the power grid to the water supply.
But for security researchers, tying complex infrastructure systems to equally complex technology paints a bullseye on those “smart” sensor projects. In a talk at the Black Hat security conference in Barcelona Thursday, Greek researcher Thanassis Giannetsos plans to present a new software tool that he and two colleagues have written that they say would allow a malicious hacker to penetrate a sensor network and change or delete data at will.
The researchers says their attack would allow an intruder to take control of a sensor network with just a laptop, an antenna, and their exploit written in Java. The tool attacks the routing layer, affecting protocols like Mint Route and MultiHopLQI to collect, redirect or delete data. “What you’re trying to do is to destroy the tree of communication between sensors, to make all the nodes forward their data to you, not the base station,” says Giannetsos, a graduate student at the Athens Information Technology University. “Once you have all the data in the network, you can change it, inject new messages, drop it, impersonate new nodes, whatever you want.”
More info here.