New cyberattacks against urban water services possible warn Ben-Gurion University researchers

August 09, 2018

DEF CON, LAS VEGAS...August 9, 2018 - Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. A botnet is a large network of computers or devices controlled by a command and control server without the owner's knowledge.

Ben Nassi, a researcher at Cyber@BGU, will be presenting "Attacking Smart Irrigation Systems" in Las Vegas at the prestigious Def Con 26 Conference in the IoT Village on August 11.

The researchers analyzed a number of commercial smart irrigation systems and found vulnerabilities that enable attackers to remotely turn watering systems on and off at will. They tested three of the most widely sold smart irrigation systems: GreenIQ, BlueSpray, and RainMachine.

"By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty a flood water reservoir overnight," Nassi says. "We have notified the companies to alert them of the security gaps so they can upgrade their smart system's irrigation system's firmware."

Water production and delivery systems are part of a nation's critical infrastructure and generally are secured to prevent attackers from infecting their systems. "However, municipalities and local government entities have adopted new green technology using IoT smart irrigation systems to replace traditional sprinkler systems, and they don't have the same critical infrastructure security standards."

In the study, the researchers present a new attack against urban water services that doesn't require infecting its physical cyber systems. Instead, the attack can be applied using a botnet of smart irrigation regulation systems at urban water services that are much easier to attack.

The researchers demonstrated how a bot running on a compromised device can (1) detect a smart irrigation system connected to its LAN in less than 15 minutes, and (2) turn on watering via each smart irrigation system using a set of session hijacking and replay attacks.

"Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers," says Nassi, who is also a Ph.D. student of Prof. Yuval Elovici in BGU's Department of Software and Information Systems Engineering and a researcher at the BGU Cyber Security Research Center. Elovici is the Center's director as well as the director of Telekom Innovation Labs at BGU.

The research team also included Ph.D. student Yair Meidan supervised by Dr. Asaf Shabtai, as well as two interns, Moshe Sror and Ido Lavi.

Previous research focused on a new method to detect illicit drone video-filming.
-end-
About American Associates, Ben-Gurion University of the Negev

American Associates, Ben-Gurion University of the Negev (AABGU) plays a vital role in sustaining David Ben-Gurion's vision: creating a world-class institution of education and research in the Israeli desert, nurturing the Negev community and sharing the University's expertise locally and around the globe. As Ben-Gurion University of the Negev (BGU) looks ahead to turning 50 in 2020, AABGU imagines a future that goes beyond the walls of academia. It is a future where BGU invents a new world and inspires a vision for a stronger Israel and its next generation of leaders. Together with supporters, AABGU will help the University foster excellence in teaching, research and outreach to the communities of the Negev for the next 50 years and beyond. Visit vision.aabgu.org to learn more.

AABGU, which is headquartered in Manhattan, has nine regional offices throughout the United States. For more information, visit http://www.aabgu.org.

American Associates, Ben-Gurion University of the Negev
