We’re shocked, shocked!, to learn of yet another grievous security problem with commercial IoT products .
In this case, “smart” irrigation systems connected to a network are—wait for it—vulnerable to hacking.
These devices are intended to conserve water by managing irrigation of yards, gardens, and farms. Digitized sensors and controllers make it possible for remote and algorithmic control of irrigation, precisely delivering only what is needed, where and when it is needed. Anyone who has observe legacy systems mindlessly dumping vast amounts of water everywhere, including into the air, appreciates the value of this precision.
There are many such systems available for municipal, commercial, and residential use. These systems typically work at the client’s end, i.e., connected to a tap from the water supply. Some of the systems also connect to wider internet services, such as weather reports, cloud services, and mobile devices. The latter provide control and tracking information, in lieu of dedicated local resources.
The paper outlines how these systems can be attacked and taken over by hackers. Honestly, there isn’t much surprising here. (There is one unique for of attack: hacking a weather forecast in ways to fool the algorithms.) The attacker uses a bot net to find and take control of these smart digital irrigation systems.
So, who cares if my garden sprinklers go haywire?
As the researchers show, a coordinated attack on these systems is an attack not only on the users (including, possibly food production), but on the water supply. The damage to any one user is minimal, but if many systems are hacked at the same time, it can have a large impact on water supplies—critical infrastructure, indeed.
The paper sketches the basic arithmetic: a few thousand sprinklers running for an hour could empty a water tower. Twenty thousand sprinklers running overnight could suck dry a reservoir. And so on.
This hazard is particularly pernicious because it is
“an attack against critical infrastructure that does not necessitate compromising the infrastructure itself and is done indirectly by attacking attacking [sic] client infrastructure that is not under the control of the critical infrastructure provider.“
No matter how well the water company protects its systems, it is vulnerable to errors and weaknesses in the consumer’s infrastructure.
In this, “piping botnet” is a paradigm for one of the greatest threats posed by the IoT: poorly defended devices are connected directly and indirectly to critical infrastructure. In this case, the connection is extremely clear (the valves are attached to the faucet from the infrastructure). In other cases (e.g., a refrigerator that orders food), the links are less direct and harder to identify—but real nonetheless.
Similarly, this is a classic example of a consumer system that can’t do much harm on its own, and appears to need no special security or expertise. But when a “smart city” is infested with millions of poorly secured basically autonomous devices, the aggregate is a significant potential hazard.
I’ll note that because the effects are so very clear, there are defenses that will probably be deployed to project the infrastructure from these systems. For one thing, utilities will try to use “smart meters” to detect and disconnect misbehaving consumer systems. Smart meters can be made hard to hack, though they still might be suborned. In that case, a last line of defense could be an off line monitor installed by the consumer that detects gross misbehavior and cuts the system off the infrastructure.
- Ben Nassi, Moshe Sror, Ido Lavi, Yair Meidan, Asaf Shabtai, and Yuval Elovici, Piping Botnet – Turning Green Technology into a Water Disaster. arXiv, 2018. https://arxiv.org/abs/1808.02131