Viable Cities Logo

Threat modelling and attack simulation

In order to reach climate and energy goals in viable cities digital solutions are needed, however increased digitization makes cities increasingly vulnerable to cyber attacks. The higher the degree of digitization, the more devastating the potential attacks.

In order to mitigate cyber threats, vulnerabilities first need to be identified. This is generally very difficult, because it requires (i) a detailed understanding of the system architecture, and (ii) significant security expertise. The task can be significantly facilitated by dedicated engineering tool support in the form of threat modeling and attack simulations. Threat modeling supports requirement no 1 by documenting the design of the system architecture. Attack simulation supports requirement no 2 by automating the identification of vulnerabilities.

The main goal is to develop a threat modeling and attack simulation approach specifically designed for smart facilities, a key concept in viable cities. Ethical hacking of smart components will also take place in order to improve the attack simulations.

This initiative is a continuation of Threat Modeling and Attack Simulation of Viable Cities.


  • Project leader: Robert Lagerström, KTH Royal Institute of Technology.
  • Partners: KTH, Foreseeti, JM, Stena, Coor
  • Total budget: SEK 6 000 000
  • Grant requested: SEK 3 000 000
  • Start date: 2020-01-01
  • End date: 2022-12-31
  • Type of action: innovation
  • Keywords: cyber security, threat modeling, attack simulation, risk management, vulnerabilities, smart facilities, internet of things.

More about the initiative


Blog post about phishing in the Infosecurity Magazine, "The Five Strategies Users Use to Determine Phishing: Which Work and Which Don't?". 2021-04-26.

SVT, She fixed the system's loophole: "Your garage can be criminalized" Student: Madeleine Berner, Supervisor: Pontus Johnson, Examiner: Robert Lagerström, 2020-07-13

Article in Trustee Forum "New model for safer digitalization", 2020-03-31

  • CVE-2021-32715 - hyper Crate HTTP Proxy request smuggling
  • CVE-2021-32714 - Request smuggling or desync attacks in hyper
  • CVE-2020-29664 - local arbitrary code execution without any hardware modifications on the DJI Mavic 2 Remote Controller and Leadcore processor on the DJI Mavic 2 Zoom drone
  • Eleven vulnerabilities related to the ismartgate PRO 1.5.9 were discovered
  • CVE-2019-12941 - AutoPi Wi-Fi/NB and 4G/LTE devices allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device.
  • CVE-2019-12944 - Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable
  • CVE-2019-12943 - Insecure permission, password reset function, in TTLock Open Platform.
  • CVE-2019-12942 - Insecure permission, account revocation mechanism, in TTLock Open Platform
  • CVE-2019-12821 - Vulnerability in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code
  • CVE-2019-12820 - Vulnerability in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, possible MiTM attack on http
  • CVE-2019-12797 - Vulnerability in a clone version of an ELM327 OBD2 Bluetooth device, hardcoded PIN leading to arbitrary commands to an OBD-II bus of a vehicle.