Home Appliances

Watch: Researchers Find Weakness in Urban Smart Water Systems that Could Lead to Cyberattacks

09 August 2018

Cybersecurity researchers from Ben-Gurion University of the Negev (BGU) have found the potential for a distributed attack against urban water services. They cite the use of a botnet that could attack smart irrigation systems.

Urban smart watering systems are vulnerable to cyber attack.Urban smart watering systems are vulnerable to cyber attack.

A botnet is a large network of computers and devices that are controlled by a command and control server without the owner’s knowledge.

The researchers analyzed smart irrigation systems and found many vulnerable areas that could allow hackers to turn the water systems on and off. The potential hack was tested on three widely sold systems.

"By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty water reservoir overnight," Nassi says. "We have notified the companies to alert them of the security gaps so they can upgrade their smart system's irrigation system's firmware. Municipalities and local government entities have adopted new green technology using IoT smart irrigation systems to replace traditional sprinkler systems, and they don't have the same critical infrastructure security standards."

The researchers have shown how the new attack against water systems can operate without having to physically infect the system. The attack can be applied with a botnet of smart systems, eliminating the need for physical interfering of any kind. The team demonstrated a bot running on a compromised device that can connect to the smart irrigation system, which is in turn connected to a LAN. The system can turn on the watering system via hijacking and replay attacks.

"Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers," says Nassi, who is also a Ph.D. student of Prof. Yuval Elovici's in BGU's Department of Software and Information Systems Engineering and a researcher at the BGU Cyber Security Research Center. Elovici is the Center's director as well as the director of Telekom Innovation Labs at BGU.

The paper is currently published on the Cornell University website.

Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter