wholly S, who knew??
Interesting article, maybe a little heady for you city folk.
http://www.networkworld.com/article/3071340/internet-of-things/john-deere-is-plowing-iot-into-its-farm-equipment.html
Driverless tractors, you betcha!
I want to see how this holds up against a target attackers would actually bother with.
Shut down a nation's food production?
Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.
didn't really think about security, was more interested in the technology and ability to fine tune things so that one would get the greatest yield.
but if you make my 500K harvester go offline, and I lose a seasons worth of crops, I'll be pissed, really pissed.
Or more fun yet: have the harvester go havest a house some-where... or maybe a cow!!... Now I want to hack a harvester :-(
I can see the usefulness of this, but it could be intersiting if they don't implement it well.
There's also huge potential to hack this stuff via SAP. If humans are out of the picture as meter-readers, then writing code to hack what the SAP system sees over the network via its sensors makes fraud, diversion of cargo, etc, a doable thing.
Quote from: ristau5741 on May 18, 2016, 02:11:31 PM
if you make my 500K harvester go offline, and I lose a seasons worth of crops, I'll be pissed, really pissed.
Quote from: dlots on May 18, 2016, 02:36:44 PM
Or more fun yet: have the harvester go havest a house some-where... or maybe a cow!!... Now I want to hack a harvester :-(
Two kinds of people in this world.
-Otanx
Quote from: deanwebb on May 18, 2016, 01:32:17 PM
Shut down a nation's food production?
Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.
Yeah.. not buying it.... not the same as shutting down an entire power grid or turning failsafes off in a nuclear facility.
EDIT - Although, sure, I could imagine some up-and-comer wanting to do it to see if they could. I just know if I were an established, skilled hacker, I'd look for bigger fish.
If John Deere and Caterpillar use the same boards for their heavy equipment and they don't change the default admin password combo... it's the same as killing off the grid. Do a DoS on food supply transport/storage facilities, and you'll have lots of urban stores with nothing on them after 72 hours. Nine meals away from anarchy, with sufficient disruption in the supply chain.
Quote from: AspiringNetworker on May 18, 2016, 05:17:45 PM
Quote from: deanwebb on May 18, 2016, 01:32:17 PM
Shut down a nation's food production?
Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.
Yeah.. not buying it.... not the same as shutting down an entire power grid or turning failsafes off in a nuclear facility.
EDIT - Although, sure, I could imagine some up-and-comer wanting to do it to see if they could. I just know if I were an established, skilled hacker, I'd look for bigger fish.
This is why it will happen. Nobody will think it is a target. People will focus defenses on the highly visible stuff like nuke power plants while that nation state with tons of resources patiently hacks the farms(who don't have the cash for any cyber security defenses to speak of), and gets malware on all the farm equipment. Armies march on their stomachs. There is also a trend in the US for farms to get larger and larger. So instead of lots and lots of family farms supplying the food we are moving to fewer farms that are much larger. This means I can compromise one farm and make a noticeable impact. Especially if I deliver my payload just prior to starting a war.
-Otanx
I know IT people in banks and collages who are fighting CEOs and CIOs who's security moto is "no one would ever bother hacking us" and thus can't get any funding or anything. I think the next "real" war we have is going to be ~40% hacking killing the other country's economy.
Taking out cars on the high-way: https://www.youtube.com/watch?v=MK0SrxBC1xs
Imagine what it would do to the economy if most of the cars made in the last 3-4 years going over suddenly made a sharp right turn, accelorated as much as they could, and lost their brakes. Almost every auto insurance company would end up defaulting with that much damage, roads would be clogged for days, the loss of life would be catastrophic, emergency responce groups would be over-whelmed, buisnesses would grid to a hault as the people can't actally get to work, or go buy stuff.
Just saying: it could get REALLY ugly.
All the bad guys need to do is take over all the driverless backhoes.
Sever all Internet communications at a fiendishly coordinated stroke.
Internet of things... that are bound to get compromised.
The whole thing scares me. Enterprises can't help from getting owned even after great effort, so let's place random consumer-grade devices everywhere, which will never get updated, and will be exposed to the Internet.
This should be interesting. :drama:
P.S.: search for "IP Camera Prank" on youtube.
"What was the intrusion vector?"
"It was the light bulbs, this time."
:facepalm3:
Quote"Someone has a botnet with capabilities we haven't seen before," McKeay said. "We looked at the traffic coming from the attacking systems, and they weren't just from one region of the world or from a small subset of networks — they were everywhere."
There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called "Internet of Things," (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.
http://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
:kramer:
Imagine what would have happened if they had gotten those devices to use reflection and amplification techniques. OUCH.