Assessing smart light enabled cyber-physical attack paths on urban infrastructures and services

Abstract

Internet-of-Things (IoT) extends the provision of remotely managed services across different domains. At the same time, IoT devices primarily designed for home environments may also be installed within the premises of critical urban environments, such as government, banking and corporate domains, without proper risk evaluation. In this paper, we examine the effect of cascading attacks triggered by the integration of vulnerable smart lighting systems in critical domains. In particular, we utilise known vulnerabilities of smart lighting systems to demonstrate the potential risk propagation on popular installation domains found in smart cities and urban infrastructures and services. Based on validated vulnerabilities on popular off-the-shelf smart lighting systems, we set up realistic proof-of-concept connectivity scenarios for various urban infrastructures and domains. Using these scenarios, we evaluate the risk of cascading attacks, by applying a targeted risk assessment methodology for identifying and assessing IoT-enabled attacks.