Vulnerabilities in commercial smart irrigation systems could allow cyberattackers to turn water systems on and off at will, according to new research from Ben-Gurion University of Negev (BGU).

The findings, revealed in a Wednesday press release from the researchers, highlight the growing trend of physical consequences associated with cyberattacks. Using an attack like this, a malicious actor could limit a town’s resources, or possibly cause flood damage.

The researchers tested three widely sold smart irrigation systems: GreenIQ, BlueSpray, and RainMachine. According to the press release, attackers could use a botnet to impact the internet-connected systems.

Ben Nassi, one of the researchers, said in the press release that he notified the companies of the security gaps in their systems’ firmware.

“By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty flood water reservoir overnight,” Nassi said in the release.

According to the report, water production and delivery systems are critical to a nation’s infrastructure and, because of this, are generally protected from such attacks. However, the report found that some local governments have added new eco-friendly technology, replacing traditional sprinkler systems with Internet of Things (IoT) irrigation systems that lack the infrastructure security.

“Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers,” Nassi said in the release.

A similar cyberattack that caused physical consequences happened in Ukraine in 2015. According to a Motherboard report, tens of thousands of Ukrainians suffered the consequences of a hack that left them without power.

The big takeaways for tech leaders:

  • New research from Ben-Gurion University of Negev found vulnerabilities in three common water irrigation systems that could lead to physical consequences from a cyberattack.
  • These vulnerabilities could be due to the adoption of more eco-friendly, IoT-powered irrigation systems, which can be impacted by the use of botnets.