Talk about an IoT

Started by icecream-guy, May 18, 2016, 09:12:56 AM

Previous topic - Next topic

icecream-guy

:professorcat:

My Moral Fibers have been cut.

deanwebb

Driverless tractors, you betcha!
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

NetworkGroover

I want to see how this holds up against a target attackers would actually bother with.
Engineer by day, DJ by night, family first always

deanwebb

Shut down a nation's food production?

Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

didn't really think about security, was more interested in the technology and ability to fine tune things so that one would get the greatest yield.
but if you make my 500K harvester go offline, and I lose a seasons worth of crops, I'll  be pissed, really pissed.
:professorcat:

My Moral Fibers have been cut.

dlots

Or more fun yet: have the harvester go havest a house some-where... or maybe a cow!!... Now I want to hack a harvester :-(

I can see the usefulness of this, but it could be intersiting if they don't implement it well.

deanwebb

There's also huge potential to hack this stuff via SAP. If humans are out of the picture as meter-readers, then writing code to hack what the SAP system sees over the network via its sensors makes fraud, diversion of cargo, etc, a doable thing.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Quote from: ristau5741 on May 18, 2016, 02:11:31 PM
if you make my 500K harvester go offline, and I lose a seasons worth of crops, I'll  be pissed, really pissed.

Quote from: dlots on May 18, 2016, 02:36:44 PM
Or more fun yet: have the harvester go havest a house some-where... or maybe a cow!!... Now I want to hack a harvester :-(

Two kinds of people in this world.

-Otanx

NetworkGroover

#8
Quote from: deanwebb on May 18, 2016, 01:32:17 PM
Shut down a nation's food production?

Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.

Yeah.. not buying it.... not the same as shutting down an entire power grid or turning failsafes off in a nuclear facility. 

EDIT - Although, sure, I could imagine some up-and-comer wanting to do it to see if they could.  I just know if I were an established, skilled hacker, I'd look for bigger fish.
Engineer by day, DJ by night, family first always

deanwebb

If John Deere and Caterpillar use the same boards for their heavy equipment and they don't change the default admin password combo... it's the same as killing off the grid. Do a DoS on food supply transport/storage facilities, and you'll have lots of urban stores with nothing on them after 72 hours. Nine meals away from anarchy, with sufficient disruption in the supply chain.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Otanx

Quote from: AspiringNetworker on May 18, 2016, 05:17:45 PM
Quote from: deanwebb on May 18, 2016, 01:32:17 PM
Shut down a nation's food production?

Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.

Yeah.. not buying it.... not the same as shutting down an entire power grid or turning failsafes off in a nuclear facility. 

EDIT - Although, sure, I could imagine some up-and-comer wanting to do it to see if they could.  I just know if I were an established, skilled hacker, I'd look for bigger fish.

This is why it will happen. Nobody will think it is a target. People will focus defenses on the highly visible stuff like nuke power plants while that nation state with tons of resources patiently hacks the farms(who don't have the cash for any cyber security defenses to speak of), and gets malware on all the farm equipment. Armies march on their stomachs. There is also a trend in the US for farms to get larger and larger. So instead of lots and lots of family farms supplying the food we are moving to fewer farms that are much larger. This means I can compromise one farm and make a noticeable impact. Especially if I deliver my payload just prior to starting a war.

-Otanx

dlots

I know IT people in banks and collages who are fighting CEOs and CIOs who's security moto is "no one would ever bother hacking us" and thus can't get any funding or anything.  I think the next "real" war we have is going to be ~40% hacking killing the other country's economy.

Taking out cars on the high-way: https://www.youtube.com/watch?v=MK0SrxBC1xs
Imagine what it would do to the economy if most of the cars made in the last 3-4 years going over suddenly made a sharp right turn, accelorated as much as they could, and lost their brakes.  Almost every auto insurance company would end up defaulting with that much damage, roads would be clogged for days, the loss of life would be catastrophic, emergency responce groups would be over-whelmed, buisnesses would grid to a hault as the people can't actally get to work, or go buy stuff.

Just saying: it could get REALLY ugly.

deanwebb

All the bad guys need to do is take over all the driverless backhoes.

Sever all Internet communications at a fiendishly coordinated stroke.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

bertschs

Internet of things... that are bound to get compromised.

The whole thing scares me.   Enterprises can't help from getting owned even after great effort, so let's place random consumer-grade devices everywhere, which will never get updated, and will be exposed to the Internet.

This should be interesting.    :drama:

P.S.: search for "IP Camera Prank" on youtube.


deanwebb

"What was the intrusion vector?"

"It was the light bulbs, this time."

:facepalm3:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.