"Why does the radio need to talk to the brakes?"
So you can be forced to maintain an appropriate speed when Foghat plays
"slow ride".
------ Original Message ------
From: "Ken Hohhof" <[email protected]>
To: [email protected]
Sent: 10/5/2016 8:49:45 PM
Subject: Re: [AFMUG] grain dryer port forwards and IoT security
It may help that it looks like just a monitor. Although if someone
hacks into it, who knows?
The idea of someone maliciously controlling a 100 ft tall tower dryer
is a bit alarming. These things run 24x7 and are fed with really big
gas lines, and the smaller dryers on individual farms have a tendency
to clog up and/or catch fire.
I’d like to think the “Watchdog” remote monitor is a separate device
from the main PLC and can only monitor, not control the dryer.
Compartmentalizing systems is a great security measure. Which seems to
have gone by the wayside, as you hear about people hacking into cars
and airplanes via their WiFi and entertainment systems. Why does the
radio need to talk to the brakes?
From: Af [mailto:[email protected]] On Behalf Of Forrest Christian
(List Account)
Sent: Wednesday, October 5, 2016 7:15 PM
To: af <[email protected]>
Subject: Re: [AFMUG] grain dryer port forwards and IoT security
Actually depends on the device. Many of these simply aren't able to
get 'owned' like, as an example, something which runs Linux.
On the other hand, opening 22 and 23 scare me. Especially 23. Port
80 isn't as big of a deal as long as the device is hardened and
passwords are changed.
On Wed, Oct 5, 2016 at 5:25 PM, Eric Kuhnke <[email protected]>
wrote:
It's dumb and the manufacturer should feel bad. But it's not really
your problem to secure their device, if it gets pwned you can cut it
off from the network per your TOS/AUP.
Not much riskier to the ISP than being a colo provider and renting a
small section of rack space and selling a static /30 to a customer who
doesn't know how to secure their Linux server.
On Wed, Oct 5, 2016 at 4:22 PM, Ken Hohhof <[email protected]> wrote:
We hooked up Internet to a new GSI tower dryer at a grain elevator,
and assuming this is the correct manual, it wants ports 22, 23, and
80 forwarded to it.
http://www.grainsystems.com/content/dam/Brands/GSI/Manuals/English/Conditioning/pneg1720-062114-OS.pdf
Without additional firewall rules, does this sound risky? They have
a cellphone app, which apparently goes directly to the dryer, not
through some intermediary like a Team Viewer server. So I don’t see
what firewall rules we could put in. Doesn’t this let every hacker,
script kiddie, and bot herder in the world try to break into it via
SSH, telnet and HTTP? Do these guys move on if the default password
has been changed? I would think they would run dictionary attacks
against it.
--
Forrest Christian CEO, PacketFlux Technologies, Inc.
Tel: 406-449-3345 | Address: 3577 Countryside Road, Helena, MT 59602
[email protected] | http://www.packetflux.com
