Smart irrigation systems, a new IoT device which is aimed at saving water and money, have already been adopted by smart cities (e.g., Barcelona), agriculture, and the private sector around the world and will replace existing traditional irrigation systems in the next few years as part of the smart water grid revolution. Connected to the Internet (via Wi-Fi/GSM communication) and critical infrastructure (e.g., water reservoirs), they will become a new target for motivated hackers and attackers. In this talk, we present research that was conducted over the past year, in which we investigated and reversed engineered three of the 10 most sold commercial smart irrigation systems (GreenIQ, RainMachine, and BlueSpray). We analyzed their interfaces with weather forecast services, cloud servers, sensors, and C&C devices, and based on this analysis, we present novel attack vectors against smart irrigation systems. We demonstrate (in videos) the implementation of the attack vectors on commercial smart irrigation systems and show how each of them contains a critical security vulnerability which allows a motivated hacker to remotely gain complete control of the system by: (1) hijacking or (2) influencing the smart irrigation system’s artificial intelligence. Finally, we talk about the damage that hackers can cause by performing attacks on smart irrigation systems and hypothesize whether the next generation of plumbers will use Kali Linux instead of a monkey wrench.
Дата: 21.11.2018. Категории: