Paper 2020/1518

Botnet IND: About Botnets of Botless IoT Devices

Ben Nassi, Yair Meidan, Dudi Nassi, Asaf Shabtai, and Yuval Elovici


Recent studies and incidents have shed light on the threat posed by botnets consisting of a large set of relatively weak IoT devices that host an army of bots. However, little is known about the threat posed by a small set of devices that are not infected with malware and do not host bots. In this paper, we present Botnet-IND (indirect), a new type of distributed attack which is launched by a botnet consisting of botless IoT devices. In order to demonstrate the feasibility of Botnet-IND on commercial, off-the-shelf IoT devices, we present Piping Botnet, an implementation of Botnet-IND on smart irrigation systems, a relatively new type of IoT device which is used by both the private and public sector to save water; such systems will likely replace all traditional irrigation systems in the next few years. We perform a security analysis of three of the five most sold commercial smart irrigation systems (GreenIQ, BlueSpray, and RainMachine). Our experiments demonstrate how attackers can trick such irrigation systems (Wi-Fi and cellular) without the need to compromise them with malware or bots. We show that in contrast to traditional botnets that require a large set of infected IoT devices to cause great harm, Piping Botnet can pose a severe threat to urban water services using a relatively small set of smart irrigation systems. We found that only 1,300 systems were required to drain a floodwater reservoir when they are maliciously prog

Available format(s)
Publication info
Preprint. MINOR revision.
IoT devicesBotnetsSmart Irrigation Systems
Contact author(s)
nassiben5 @ gmail com
2020-12-04: received
Short URL
Creative Commons Attribution


      author = {Ben Nassi and Yair Meidan and Dudi Nassi and Asaf Shabtai and Yuval Elovici},
      title = {Botnet IND: About Botnets of Botless IoT Devices},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1518},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.