Your food is getting easier to hack
- April 11, 2019
- Posted by: Kerry Tomlinson, Archer News
- Category: Archer News, Cyber Crime, Cyberattack, Hacking, Industrial Control System Security, Mobile Devices, Posts with image, Ransomware, Smart Devices
Your cereal may be as connected as you are.
From growers using self-driving tractors to farm their crops, to the processors using tech to check for size and weight, your food may follow a digital path to your plate.
But that also means it’s easier to hack.
Our food is more and more connected, produced with smart machines — and more open to cyber attacks.
“That process we think of, somebody in overalls with a tractor,” said Bill Malik of security company Trend Micro. “These things are offices. They are Internet-enabled. They are GPS-connected.”
Trend Micro recently published research into food production and hacking, by Ryan Flores, Stephen Hilt, and Akira Urano.
Farmers are turning to ‘precision agriculture’ to save money and work more efficiently.
Drones can monitor fields and plant seeds.
Sensors check for soil moisture, ripeness, insects and disease.
Connected devices — also known as the Internet of Things, or IoT — can make feeding animals more efficient and maintain just the right temps for chickens, with enough ventilation so they don’t suffocate.
It’s a huge benefit, but also a risk.
Click & Kill
In 2015, someone killed off more than three hundred thousand chickens in South Carolina.
The wolf in sheep’s clothing showed up at multiple farms and messed with temperature devices, freezing some chickens to death, suffocating others, turning off the alarm system so no one would know until it was too late.
Reports say the attack was devastating to some farmers and cost Pilgrim’s Pride $1.7 million.
Even worse, researchers say now some attackers can do the same from afar with a keyboard.
Trend Micro researchers looked for exposed food processing systems on the Internet, systems that an attacker could manipulate and control.
Systems ripe for food hacking.
They found two exposed poultry ventilation control systems, seven food processing systems, 14 feeding systems and 107 aquaculture systems, where farmers grow your fish and shrimp, among others.
They discovered most of the exposed systems in the U.S.
“In effect, anyone on the Internet can connect to these systems and manipulate them remotely,” the researchers said.
This is not the first time people have found holes in the food system.
Researcher Daniel Lance, who was working for Archer, Archer News Network’s parent company, at the time, spotted password problems with meat-processing equipment from a massive company, Marel, in 2017.
The vulnerability was considered to have a high likelihood of exploit.
“You’ve now automated the entire food production system,” Malik told Archer News in an interview. “Now if somebody were bloody-minded towards people eating their Cheerios in the morning, they might say, ‘Anything that’s bad for those people is good for my people.’”
“We have no reason to believe that adversary would not do that,” he said. “We have no reason to believe that somebody would not try to blackmail a major agricultural manufacturer.”
Stop Food Hacking
The Trend Micro researchers have recommendations for farmers and food processors, including:
—Protect remote access to your equipment
—Change the passwords that come on the devices and systems to something strong and unique.
—Watch out for phishing emails
—Update your devices
Not Just Farmers
The connected device makers and big food companies using IoT should pay attention as well.
Industrial machines can be vulnerable, too.
“Ideally, you build controls. You build layers of defense. We talk about building layers of the onion,” said Ken Munro of security company Pen Test Partners. “Organizations are slowly getting their corporate security fixed. Only now, they’re really starting to move onto their industrial control security.”
Before now, industrial companies may have felt no need to change, Munro explained.
He gave an example of their thinking.
“It’s been fine. What’s the problem?”
On the Front Lines
As farmers and companies move toward security, with some gaps in the process, you may end up being the one to spot a food cyber attack first.
“If you’re eating the cereal, what you want to do is say, ‘Geez, this doesn’t look right,” Malik said. “If you pour out your Cheerios and half of them seem to be overcooked or whatever, call the number [on the box].”
“When you are at the final step of any complex industrial process, you are the front line for any flaws that made it through that process,” he explained. “So, I just simply ask that people will be smart.”
Main image: Woman eating hamburger at computer. Image: Doucefleur/iStock