More than 100 smart irrigation systems were exposed online without a password last month, allowing anyone to access and disrupt irrigation programs for crops, tree plantations, cities and buildings.
Exposed irrigation systems were discovered by Security Joes, a small security company based in Israel. The problem is the ICC PRO system, a smart irrigation system designed by Motorola.
Security Joes co-founder Ido Naor told ZDNet last month that Companies and city officials had installed the ICC PRO systems without changing the factory default settings, which do not include a password for the default account.
Once an attacker detects an Internet-accessible ICC PRO system, Naor says all they have to do is type in the "default admin username" and press Enter to access a smart irrigation control panel.
Here, Naor says intruders can stop watering, change settings, control the amount of water and pressure supplied to pumps, or lock irrigation systems by blocking access to specific users.
More than 100 ICC PRO irrigation systems were exposed online without a password last month when Naor first spotted this issue.
Naor briefed CERT last month, which then contacted the affected companies, Motorola, and also shared the findings with other CERT teams in other countries.
The report began to improve last week. Naor acknowledged Motorola's stance on the development after the company sent a letter to customers on the risks of exposure of the irrigation system to the internet.
As a result of these alerts, the number of ICC PRO instances with internet access began to decline from 94 last week to 78 today as companies began to install irrigation systems behind firewall or in private networks.
However, while the situation has improved, systems still exposed to the Internet today still do not have a password set to the default account.