More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes. From a report: The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel. All were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management. Security Joes co-founder Ido Naor told ZDNet last month that companies and city officials had installed ICC PRO systems without changing default factory settings, which don’t include a password for the default account. Naor says the systems could be easily identified online with the help of IoT search engines like Shodan. Once attackers locate an internet-accessible ICC PRO system, Naor says all they have to do is type in the default admin username and press Enter to access a smart irrigation control panel. Here, Naor says attackers can pause or stop watering events, change settings, control the water quantity and pressure delivered to pumps, or lock irrigation systems by deleting users.
Read more of this story at Slashdot.
Source:
https://tech.slashdot.org/story/20/10/26/1744229/over-100-irrigation-systems-left-exposed-online-without-a-password?utm_source=rss1.0mainlinkanon&utm_medium=feed