Smart Irrigation Systems Are Being Targeted By Botnet Attacks

Smart irrigation systems that have been deployed over unfertile land areas are being targeted by nefarious hackers who are attempting to cause a massive water crisis by making these systems take more water than required. The research was presented by a team of Israeli researchers at the DEF CON security conference in the US. The team has argued that these hackers were able to identify the vulnerabilities in the popular smart water irrigation system and take advantage of this IoT device to create botnets.

These kinds of attacks try to synchronize these irrigation systems to start at a time of their choosing and trigger a mass depletion of the local water resources which could lead to consumption of reserve water in the extreme cases.

To determine the feasibility of such attacks the team has identified the vulnerabilities in the Smart Water Irrigation Systems form the popular merchants such as BlueSpray, GreenIQ and RainMachine. Most of these flaws are obvious and the team has disclosed these vulnerabilities to the vendors. The attack doesn’t need to infect the water irrigation system directly said by the researchers at Ben-Gurion University of the Negev (BGU).

Ben Nassi, Former Google Employee and BGU PhD said that hackers can also infect these IoT devices if there are on the same LAN network which in the most cases is the local routers, Computers WiFi hotspots and other IoT devices. This suggests that these irrigation systems don’t need to be connected to the internet which makes the scale of attack more.

“A standard water tower can be emptied in an hour using a botnet of  1,355 sprinklers,” Nassi et. all wrote in their whitepaper. “A flood water reservoir can be emptied overnight using a botnet of 23,866 sprinklers.”

The researchers state that the hacker doesn’t need to infect devices remotely; they could just buy or rent a device to insert malicious code and when it is connected to the network back again it will construct a botnet for him.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil