Talk about an IoT

icecream-guy · May 18, 2016, 09:12:56 AM

wholly S, who knew??

Interesting article, maybe a little heady for you city folk.

http://www.networkworld.com/article/3071340/internet-of-things/john-deere-is-plowing-iot-into-its-farm-equipment.html

deanwebb · May 18, 2016, 09:46:04 AM

Driverless tractors, you betcha!

NetworkGroover · May 18, 2016, 12:25:58 PM

I want to see how this holds up against a target attackers would actually bother with.

deanwebb · May 18, 2016, 01:32:17 PM

Shut down a nation's food production?

Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.

icecream-guy · May 18, 2016, 02:11:31 PM

didn't really think about security, was more interested in the technology and ability to fine tune things so that one would get the greatest yield.
but if you make my 500K harvester go offline, and I lose a seasons worth of crops, I'll be pissed, really pissed.

dlots · May 18, 2016, 02:36:44 PM

Or more fun yet: have the harvester go havest a house some-where... or maybe a cow!!... Now I want to hack a harvester :-(

I can see the usefulness of this, but it could be intersiting if they don't implement it well.

deanwebb · May 18, 2016, 02:46:50 PM

There's also huge potential to hack this stuff via SAP. If humans are out of the picture as meter-readers, then writing code to hack what the SAP system sees over the network via its sensors makes fraud, diversion of cargo, etc, a doable thing.

Otanx · May 18, 2016, 04:12:06 PM

Quote from: ristau5741 on May 18, 2016, 02:11:31 PM
if you make my 500K harvester go offline, and I lose a seasons worth of crops, I'll be pissed, really pissed.

Quote from: dlots on May 18, 2016, 02:36:44 PM
Or more fun yet: have the harvester go havest a house some-where... or maybe a cow!!... Now I want to hack a harvester :-(

Two kinds of people in this world.

-Otanx

NetworkGroover · May 18, 2016, 05:17:45 PM

Quote from: deanwebb on May 18, 2016, 01:32:17 PM
Shut down a nation's food production?

Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.

Yeah.. not buying it.... not the same as shutting down an entire power grid or turning failsafes off in a nuclear facility.

EDIT - Although, sure, I could imagine some up-and-comer wanting to do it to see if they could. I just know if I were an established, skilled hacker, I'd look for bigger fish.

deanwebb · May 18, 2016, 06:45:14 PM

If John Deere and Caterpillar use the same boards for their heavy equipment and they don't change the default admin password combo... it's the same as killing off the grid. Do a DoS on food supply transport/storage facilities, and you'll have lots of urban stores with nothing on them after 72 hours. Nine meals away from anarchy, with sufficient disruption in the supply chain.

Otanx · May 18, 2016, 10:07:09 PM

Quote from: AspiringNetworker on May 18, 2016, 05:17:45 PM
Quote from: deanwebb on May 18, 2016, 01:32:17 PM
Shut down a nation's food production?

Hello, I am a state-sponsored attacker. I would like to place an APT in that infrastructure.

Yeah.. not buying it.... not the same as shutting down an entire power grid or turning failsafes off in a nuclear facility.

EDIT - Although, sure, I could imagine some up-and-comer wanting to do it to see if they could. I just know if I were an established, skilled hacker, I'd look for bigger fish.

This is why it will happen. Nobody will think it is a target. People will focus defenses on the highly visible stuff like nuke power plants while that nation state with tons of resources patiently hacks the farms(who don't have the cash for any cyber security defenses to speak of), and gets malware on all the farm equipment. Armies march on their stomachs. There is also a trend in the US for farms to get larger and larger. So instead of lots and lots of family farms supplying the food we are moving to fewer farms that are much larger. This means I can compromise one farm and make a noticeable impact. Especially if I deliver my payload just prior to starting a war.

-Otanx

dlots · May 20, 2016, 08:48:51 AM

I know IT people in banks and collages who are fighting CEOs and CIOs who's security moto is "no one would ever bother hacking us" and thus can't get any funding or anything. I think the next "real" war we have is going to be ~40% hacking killing the other country's economy.

Taking out cars on the high-way: https://www.youtube.com/watch?v=MK0SrxBC1xs
Imagine what it would do to the economy if most of the cars made in the last 3-4 years going over suddenly made a sharp right turn, accelorated as much as they could, and lost their brakes. Almost every auto insurance company would end up defaulting with that much damage, roads would be clogged for days, the loss of life would be catastrophic, emergency responce groups would be over-whelmed, buisnesses would grid to a hault as the people can't actally get to work, or go buy stuff.

Just saying: it could get REALLY ugly.

deanwebb · May 21, 2016, 10:24:16 AM

All the bad guys need to do is take over all the driverless backhoes.

Sever all Internet communications at a fiendishly coordinated stroke.

bertschs · May 23, 2016, 01:06:39 PM

Internet of things... that are bound to get compromised.

The whole thing scares me. Enterprises can't help from getting owned even after great effort, so let's place random consumer-grade devices everywhere, which will never get updated, and will be exposed to the Internet.

This should be interesting.

P.S.: search for "IP Camera Prank" on youtube.

deanwebb · May 23, 2016, 02:57:42 PM

"What was the intrusion vector?"

"It was the light bulbs, this time."