Cybersecurity Researchers Warn of Attack Against Urban Water Services

Ben-Gurion University of the Negev (BGU) cybersecurity researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. A botnet is a large network of computers or devices controlled by a command-and-control server without the owner’s knowledge.

Researchers analyzed and found vulnerabilities in a number of successful commercial smart irrigation systems, including GreenIQ, BlueSpray, and RainMachine, which all enable attackers to remotely turn watering systems on and off at will.

“By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty flood water reservoir overnight,” researcher Ben Nassi said. “We have notified the companies to alert them of the security gaps so they can upgrade their smart system’s irrigation system’s firmware.”

In the study, the researchers present a new attack against urban water services that doesn’t require infecting its physical cyber systems. Instead, the attack can be applied using a botnet of smart irrigation regulation systems at urban water services that are much easier to attack. Water production and delivery systems are part of a nation’s critical infrastructure and generally are secured to prevent attackers from infecting their systems.

The researchers demonstrated how a bot running on a compromised device can (1) detect a smart irrigation system connected to its LAN in less than 15 minutes, and (2) turn on watering via each smart irrigation system using a set of session hijacking and replay attacks.

Read the full study

Kalyna White is the STEM Ambassador to the Board of Directors for Women in Homeland Security. She is the founder of LABUkraine, a non-profit organization that builds computer labs for orphans in Ukraine. Since 2011 she has worked with Women in Homeland Security to encourage middle and high school student to pursue STEM careers by organizing and supporting field trips to STEM missions throughout the homeland security enterprise.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security