Cryptology ePrint Archive: Report 2020/1518

Botnet IND: About Botnets of Botless IoT Devices

Ben Nassi and Yair Meidan and Dudi Nassi and Asaf Shabtai and Yuval Elovici

Abstract: Recent studies and incidents have shed light on the threat posed by botnets consisting of a large set of relatively weak IoT devices that host an army of bots. However, little is known about the threat posed by a small set of devices that are not infected with malware and do not host bots. In this paper, we present Botnet-IND (indirect), a new type of distributed attack which is launched by a botnet consisting of botless IoT devices. In order to demonstrate the feasibility of Botnet-IND on commercial, off-the-shelf IoT devices, we present Piping Botnet, an implementation of Botnet-IND on smart irrigation systems, a relatively new type of IoT device which is used by both the private and public sector to save water; such systems will likely replace all traditional irrigation systems in the next few years. We perform a security analysis of three of the five most sold commercial smart irrigation systems (GreenIQ, BlueSpray, and RainMachine). Our experiments demonstrate how attackers can trick such irrigation systems (Wi-Fi and cellular) without the need to compromise them with malware or bots. We show that in contrast to traditional botnets that require a large set of infected IoT devices to cause great harm, Piping Botnet can pose a severe threat to urban water services using a relatively small set of smart irrigation systems. We found that only 1,300 systems were required to drain a floodwater reservoir when they are maliciously prog

Category / Keywords: applications / IoT devices, Botnets, Smart Irrigation Systems

Date: received 3 Dec 2020

Contact author: nassiben5 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20201204:080547 (All versions of this report)

Short URL: ia.cr/2020/1518