Hackers could turn your garden sprinklers into a cyber weapon

Israeli researchers are warning that smart irrigation systems could take down parts of a city’s water system.

Spray and prey: The researchers from Ben-Gurion University found security weaknesses in popular commercial irrigation systems that could allow hackers to turn them on and off remotely. Bad guys could trick them into watering by feeding the web-connected gadgets fake commands directly, or by serving up bogus weather data.

Security leak: Large numbers of zombie sprinklers could be linked in a “botnet” that rapidly drains a city’s water reserves. The researchers claim a botnet of 1,350-odd sprinklers could empty an urban water tower in an hour, and around 24,000 could empty a flood water reservoir overnight.

Amateur hour: There’s plenty of evidence that nation-state hackers are targeting all kinds of critical infrastructure, from power plants to water systems. They’re also launching attacks aimed at crippling big cities, as Atlanta discovered earlier this year. And new research from security firm Cyberreason has shown that amateur hackers are also probing for flaws in the defenses of key systems like power grids.

Plugging holes: The Israeli researchers say they’ve already notified manufacturers of the flaws they’ve found in the software controlling the sprinklers, so hopefully the companies will move fast to fix them.