Take a Virtual, Interactive Tour 

Cyber Security

  |  
3 Min Read

Systems left without passwords for months in Israel

In a shocking display of poor management over 100 smart irrigation systems were left exposed online without any security or even a password. Which allowed anyone to access and mess with any of the water irrigation which was used for crops, trees, cities, and any building complex.

 

istockphoto-516135874-170667a

 

This clear example of what not to do was discovered by a security firm in Israel, Security Joes.

 

These systems were running off of ICC PRO designed by Motorola for agricultural use and as well landscape. Security Joes co-founder Ido Naor reported that these companies and city officials had these installed but left them on factory settings which don't have a password for the default account.

 

Anyone attacking the systems could have identified them with IoT (Internet of Things) search engines like Shodan. Once they did locate the ICC PRO system, they would just have to type the default username for the system, and boom they are in.

 

They'll have access to pause or stop the water, change settings, water quantity, water pressure, and even lock the systems by deleting the user. Honestly this sounds more like a prank to do in the park in the middle of summer. Yet it could be more dangerous as Israel is in the middle of the desert.

 

Security did identify that with the 100 ICC PRO systems almost half of which were located in Israel while the rest were in other places around the globe. Ido Naor notified the CERT in Israel which then contacted the companies who own these systems, Motorola, and shared the information with other CERT teams in other countries.

 

Thankfully Motorola sent an announcement to customers about the dangers of leaving systems on default without a password. Security Joes has stated that the number of exposed systems has gone down to about 78 as companies begin to securing their ICC PROs.

 

Back in April Israel did have attacks targeting water management systems to alter water systems in order to create water shortages in certain areas by emptying water reserves and causing outright civil unrest. To combat this the INCD Israel's cybersecurity agency has sent out nationwide alerts to have passwords changed for web-based management systems.

 

Comment

GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their ...
Picture of Micah Turpin Micah Turpin 3 Min Read

Golang the new standard for malware langauge?

In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.

VMware vulnerability leaves about 6,700 servers ripe for the picking.

VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire ...