IoT VILLAGE - Attacking Smart Irrigation Systems

Video thumbnail (Frame 0) Video thumbnail (Frame 927) Video thumbnail (Frame 4490) Video thumbnail (Frame 5925) Video thumbnail (Frame 8048) Video thumbnail (Frame 9112) Video thumbnail (Frame 10652) Video thumbnail (Frame 13615) Video thumbnail (Frame 14859) Video thumbnail (Frame 16940) Video thumbnail (Frame 20852) Video thumbnail (Frame 25812) Video thumbnail (Frame 26866) Video thumbnail (Frame 29434) Video thumbnail (Frame 32273) Video thumbnail (Frame 33630) Video thumbnail (Frame 35069) Video thumbnail (Frame 36910) Video thumbnail (Frame 37753) Video thumbnail (Frame 39584) Video thumbnail (Frame 40711) Video thumbnail (Frame 41780) Video thumbnail (Frame 42692) Video thumbnail (Frame 43568) Video thumbnail (Frame 44355) Video thumbnail (Frame 45148) Video thumbnail (Frame 47329) Video thumbnail (Frame 48115) Video thumbnail (Frame 49600) Video thumbnail (Frame 51752) Video thumbnail (Frame 58757)
Video in TIB AV-Portal: IoT VILLAGE - Attacking Smart Irrigation Systems

Formal Metadata

IoT VILLAGE - Attacking Smart Irrigation Systems
Alternative Title
Attacking Commercial Smart Irrigation Systems
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Smart irrigation systems, a new IoT device which is aimed at saving water and money, have already been adopted by smart cities (e.g., Barcelona), agriculture, and the private sector around the world and will replace existing traditional irrigation systems in the next few years as part of the smart water grid revolution. Connected to the Internet (via Wi-Fi/GSM communication) and critical infrastructure (e.g., water reservoirs), they will become a new target for motivated hackers and attackers. In this talk, we present research that was conducted over the past year, in which we investigated and reversed engineered three of the 10 most sold commercial smart irrigation systems (GreenIQ, RainMachine, and BlueSpray). We analyzed their interfaces with weather forecast services, cloud servers, sensors, and C&C devices, and based on this analysis, we present novel attack vectors against smart irrigation systems. We demonstrate (in videos) the implementation of the attack vectors on commercial smart irrigation systems and show how each of them contains a critical security vulnerability which allows a motivated hacker to remotely gain complete control of the system by: (1) hijacking or (2) influencing the smart irrigation system’s artificial intelligence. Finally, we talk about the damage that hackers can cause by performing attacks on smart irrigation systems and hypothesize whether the next generation of plumbers will use Kali Linux instead of a monkey wrench.
Dialect Digital media Motherboard Infinite conjugacy class property System programming Expert system Student's t-test Plastikkarte Twitter
Polar coordinate system Game controller Multiplication sign Connectivity (graph theory) Adaptive behavior Online help Water vapor Plastikkarte Connected space Web service Internetworking Googol Software Smartphone Information Reverse engineering Wireless LAN Physical system Area User interface Linear regression Planning Plastikkarte Computer network Student's t-test Connected space Component-based software engineering Internetworking Software Systems integrator Personal digital assistant Time evolution Green's function Order (biology) Universe (mathematics) System programming Connectivity (graph theory) Smartphone Remote procedure call Information security Systems engineering
Laptop Slide rule Conic section Server (computing) Mobile app Service (economics) Mapping Interface (computing) Water vapor Plastikkarte Water vapor Line (geometry) Plastikkarte Connected space Web service Logic Internetworking Personal digital assistant System programming Point cloud Resultant
Personal identification number Game controller Memory card Memory card Virtual machine Computer Plastikkarte Set (mathematics) Computer network Microcontroller Mathematical analysis Plastikkarte Entire function Connected space Product (business) Pi Software Order (biology) System programming Freeware Router (computing) Reverse engineering Firmware
Server (computing) Robot Set (mathematics) Water vapor Plastikkarte Neuroinformatik Mathematics Telecommunication Configuration space output Proxy server Metropolitan area network Physical system Point cloud Server (computing) Interface (computing) Plastikkarte Planning Line (geometry) Local area network Telecommunication Internet service provider Order (biology) output Point cloud Configuration space Communications protocol Physical system
Slide rule Server (computing) Hoax Computer file Dependent and independent variables Multiplication sign Water vapor Spyware Plastikkarte Number Timestamp Direct numerical simulation Internetworking Semiconductor memory Electronic meeting system Green's function Queue (abstract data type) MiniDisc Address space Point cloud Area Vulnerability (computing) Execution unit Dependent and independent variables Focus (optics) Server (computing) Planning Timestamp Entire function Green's function Infinite conjugacy class property Order (biology) Direct numerical simulation Revision control Point cloud Configuration space Right angle Communications protocol Physical system Resultant Electric current Computer worm
Demo (music) Water vapor Plastikkarte Cartesian coordinate system
Server (computing) Hoax Service (economics) Code Multiplication sign Virtual machine Water vapor Plastikkarte Computer programming 2 (number) Physical system Point cloud Service (economics) Dependent and independent variables Linear regression Server (computing) Image warping Code Planning Plastikkarte Denial-of-service attack Cartesian coordinate system Timestamp Software Web service Permanent Green's function Order (biology) Direct numerical simulation Musical ensemble Communications protocol Physical system
Vulnerability (computing) Server (computing) Focus (optics) Dependent and independent variables Virtual machine Plastikkarte Planning Coordinate system Client (computing) Water vapor Direct numerical simulation Web service Uniform resource locator Semiconductor memory Internet forum Order (biology) Direct numerical simulation Vulnerability (computing)
Vulnerability (computing) Dependent and independent variables Uniform resource locator Walsh function Demo (music) output Plastikkarte Coordinate system Client (computing) Water vapor Communications protocol Physical system
Dependent and independent variables Order (biology) Moving average Plastikkarte Convex hull Water vapor Plastikkarte Computer-assisted translation Physical system Sinc function
User interface Game controller User interface Local area network Exploit (computer security) Planning Plastikkarte Computer network Water vapor Local area network Plastikkarte Data transmission Connected space Arithmetic mean Personal digital assistant Telecommunication Order (biology) Interface (computing) Physical system
Scheduling (computing) User interface Multiplication sign Authentication File format Water vapor Encryption Electronic visual display Communications protocol Data type User interface Authentication Vulnerability (computing) Broadcast programming Demo (music) File format Planning Local area network Group action Langevin-Gleichung Telecommunication Interface (computing) Encryption Communications protocol Flag
Finite element method Word Code Moving average Planning Water vapor User-generated content
User interface Malware Distribution (mathematics) Penetrationstest Code
Vulnerability (computing) Asynchronous Transfer Mode Latent heat Functional (mathematics) State of matter Code Order (biology) Software testing Water vapor Line (geometry) Vulnerability (computing)
Decision tree learning Demo (music) Code Demo (music) Password Plastikkarte Computer network Line (geometry) Local area network Radical (chemistry) Telecommunication Password Gastropod shell Moving average Information security
Local area network Telecommunication Videoconferencing Moving average Water vapor Plastikkarte Physical system 2 (number)
Code Multiplication sign Modal logic Water vapor Web 2.0 Data model Single-precision floating-point format Cubic graph Endliche Modelltheorie Physical system Vulnerability (computing) Point cloud Service (economics) Electric generator Regulator gene Channel capacity Closed set Entire function Virtual machine Chain Order (biology) System programming Hill differential equation Physical system Firmware Point (geometry) Dataflow Server (computing) Addition Link (knot theory) Robot Information and communications technology Denial-of-service attack Plastikkarte Product (business) Telecommunication Internetworking Average Vulnerability (computing) Metre Information Server (computing) Interface (computing) Code Plastikkarte Denial-of-service attack Inclusion map Web service Sheaf (mathematics) Revision control Cubic graph
Musical ensemble
hey Ben would you like an introduction or would you like to introduce yourself I will let the experts handle this here you go thank you very much I would like
to thank you for attending this talk I would also like to thank the guys from dial T Village for helping us to publish this research to the to the media to on Twitter and on motherboard thank you so much let me first introduce myself and then we discussed about what I'm here to present so I'm Ben I'm a PhD student
from ben-gurion University I studied the area of cybersecurity and IOT devices for the last two-and-a-half years I'm a former Google employee this research was also done using the help of Moshe slow doctor a stop shop time a festival Avicii from a Ben Gurion University and we also want to thank Fujitsu for funding Fujitsu system integration of attalos for funding this research ok so I'm about to present you how attackers can attack smart irrigation system I will start by introducing smart irrigation system then we'll talk about how we reverse engineered as fatty regression systems and I will present you some of the attacks that we did spoofing attacks and replay attacks against Marty regression system and in the end we'll discuss about the damage that can be done using a botnet of smart irrigation system that's it okay so irrigation system and especially smart irrigation systems though about five years ago the first smart irrigation system appear I'm not sure which one was the first might irrigation system however they first appeared five years ago today you can find many vendors that produce that produce material systems they have many connected sensors such as rain sensor and soil moisture sensor for example they even have GSM editions not only Wi-Fi editions and two years ago Barcelona actually adopts smart irrigation systems instead of its traditional irrigation systems ok so smart irrigation systems are actually referred to advanced irrigation systems that incorporate various sensors and network components for increased efficiency in order to save water and money now they are connected to the Internet they provide remote command control service they allow automatic adaptation of watering plan based on weather forecast and they monitor watering plans and water consumption ok
now let's talk about the motivation for buying smart irrigation systems so first of all they are very cheap the price starts at about 150 you can buy them on Amazon they consider as green technology they design as I said before to save money and also save water they provide very convenient user interface comparing to the traditional irrigation systems it's a remote user interface in which you can use smartphones PCs and even smart assistance to control them and also the enable sensor connectivity as I mentioned before and they have wireless connectivity they provide Wi-Fi at the Wi-Fi editions and also GSM editions in which you can buy in order to deploy in your garden in your yard this is the
entire ecosystem and the parties in which they are actually interface with so on one hand on one end you have the smart irrigation system it connected to your homeland it also connect to sensors that are also connected to your homelands and they connected to your water line on the one end and to valves on the other end and the valves are actually connected to sprinklers so they actually regulate water obtained from water is a wall now using Internet connectivity the interface with CNC devices which can be your smartphone application your laptop your smart assistant they have dedicated cloud servers in which they are used to I will mention with the few slides from now they are used to communicate with their user and that can be located anywhere around the world and they actually also interface with weather forecast services and this is examples of such and Noah is one of them they know the map know which is their norwegian material logical institute is another one okay now why we consider
them as interesting and why would the Tucker's will want to attack them so first of all they are connected to critical infrastructure the urban water service or the national water service considered as critical infrastructure and most of the countries around the role another reason to attack them is maybe to cause a financial harm and to a party as a result of overconsumption of water there are places around the world where water is very expensive and by over consuming water you can actually cause a financial harm and these are examples of
free smart irrigation system commercial smart irrigation system that we investigated in this research we bought the in the blue spray and the green accuse smart irrigation systems they are all provide Wi-Fi connectivity so you can connect them to your homeland using Wi-Fi to your router they are very cheap these are their price including the shipment to Israel they are even cheaper if you buy in if you buy them here in the US also they are consider free of the best five I think or maybe ten top smart irrigation systems according to a few resources so we decided it will be good to use cutting-edge technology such as this the entire set of methods that they will present in this research conducted on this set of smart irrigation systems now let's talk about
how to I will reverse engineered smart irrigation system so we actually combined two techniques the first technique was extracting the extracting the fumer now if you will see the green IQ which is the one which is that the picture would be the the white one if you take a closer look you will see raspberry pi the guys from Cana hue did not design their own micro controller they actually use raspberry PI's their controller and of course the finger was uploaded to an SD card well so we actually took an SD card label and extracted the film before from there we didn't even had to you know to think a lot and how to they actually helped us in order to get their firmware out of the micro controller the product regarding the rain machine we actually downloaded the film using the UART connector used to a USB cable and this is the way we extract this is the way that we used in order to extract the film well off the rain machine during machine is the one that you can see the pin the a picture and the picture in the left in the on the top left and we also used some network analysis we connected them to a router and we captured their network traffic I would say for three weeks something like this and we analyzed their traffic they're using Wireshark and we actually connected all three of them so we so we have two fingers of the rain machine and the green EQ and the entire network behavior of all of them okay the next
set of attacks that I will present you called spoofing attacks we actually change the inputs that are going to the smart irrigation system and observed what happened because of our change we actually the purpose of these attacks is to change the input of smart irrigation system in order to water according to attackers wishes and execution of their taxes by performing man in the middle attacks using session hijacking from a bot running on a computer on a compromising and not on a compromised device that is connected to at the same line of the smart irrigation systems
okay now the first attack between I'm going to present is actually show how you can spoof smart irrigation system configuration a dedicated cloud server is used to provide CNC communication between a device a CNC device a user from one end and the green a cue from two and on the other hand bear in mind that the user can be anywhere around the world and he need to communicate with his own smart irrigation system that connected to his homeland and dedicated cloud server is actually mediate or used as proxy between the user and the smart irrigation system so a session between the green IQ and the cloud server is initiated every minute is initiated every minute in order to check whether the user sent any updates regarding watering plans and things like this one interesting thing is that the entire protocol the entire interface between the smart irrigation system and the cloud server is actually based on HTTP protocol which is pretty funny okay now let's discuss about the
vulnerability and introduce to their entire protocol and describe you later and show you demonstrate you later how the green acute can be attacked so the session between the green IQ and the DNA and you know what the for this session there is CS in a CNC device which is operated by the user let's say from anywhere around the world not not it is not specifically has to be connected to its homeland it can be operated via the Internet and the green area from the other end is actually initiate at the NS sequester the the silver to find the Carina the green acute that met address the green acute darknet is actually it's cloud server and which is followed by DNS result that is sent from the DNS server now after the the green a queue received the address of its cloud server it's actually initiated an HTTP request which is called ping to cloud the ping to cloud the request is followed by an HTTP response which is sent from the cloud server and contains a timestamp the timestamp is the timestamp of the last time in which the user have updated watering plan from anywhere around the world and stages 5 and 6 are actually are optional and we'll discuss them in a few slides from now ok now let's focus on stage is free and for HTTP request is being sent from the garena queue to the cloud server the green akyuu sends a ping every minute with its device ID you can see it on the left side this is the device ID this was extracted from the payload of the the packet that is being sent from the green enqueue to the cloud server which is then followed by the response the server sends the timestamp of the last time the watering plan was updated by the user and you can see the timestamp over here on the right side it's basically a number which describes the last time that watering plan was updated ok it is all actually being sent on HTTP protocol now this was actually
extracted from the finger of the green aq take a look on the response which is called new config the answer number four that is being returned to the garena queue now if the new config is actually greater the timestamp of the new config the last time the user sent an update of watering plan is greater than the one that is stored in the memory of the green a queue stages five and six are actually initiated and launched a new HTTP request that is called config.xml request is being sent to to the cloud server in order to obtain the new watering plan and the new configuration that was updated by the user now let's focus on stages five and six an HTTP request is being sent from the green and queue to the cloud server which followed by response of an XML file this is the XML file by the way on the right side you can see that it contains details such as when to what for how much time to water and other things that are important in order to to initiate the watering in the time that the user defined and this is it okay this is a focused on the returned XML file which is the HTTP response as I said contain the entire configuration and went what and went to water and the entire watering plans that the user set up now as I said earlier this is all being done using HTTP requests so hijack the entire session is actually pretty easy you can do it can apply some up spoofing in order to hijack the session and we can use a fake a green a cue cloud server that will answer instead that will respond instead of the real green acute cloud server and when a request an HTTP request with the last user update is being initiated the seller will answer will respond with the current timestamp which is probably bigger than the last time greater than the last time that is stored in the green a queue memory and it will then followed by another request to obtain the new watering plan which can be followed by a response sent from the green aqs server to the green a queue with fake fake watering plan as the attackers wishes to and this is and let me show you the demonstration of what will what would happen if you actually do it
now this is where you see the green IQ on the right-hand this is the clinical application there is no watering plants scheduled at all and we apply the attack that I just presented and look what happened to them you can just initiate watering as you wish okay okay let's continue
[Applause] [Music] okay so you might ask yourself what will happen if instead of returning the current time the current time stamp you will return a response of a time stamp that is actually ten years from now and then send the fake watering plan that lets say initiate watering all day long for the week so actually if you will see the fewer code on the left side if you will send a response and you can see it on the arrow in for a response with let's say future time stamp it's actually gonna cause the green aq to ignore any legitimate any legitimate C&C command that is will be initiated by the user now combining this with let's say watering all day long will actually in order to stop watering all day long the user will not be able to use his application in order to stop watering so what we actually will have to do is physically disconnect the green IQ from the network in order to stop such an attack so it's actually a permanent denial of service of the green McHugh it will require the user to physically disconnect the smadi regression system in order to stop to stop it from watering is yard okay
the second spoofing attack that we and that about to present use actually is actually spoof is actually spoofing water a weather forecast now it's my dear aggression system automatically such as the one that is presented in here which is the rain machine automatically adapts its watering plan according to the weather forecast obtained from weather forecast services its was actually designed to save what and you can think about rainy days no water is actually no watering is actually needed so smart irrigation system knows and programmed to prevent watering in let's say rainy days and they also a program to compensate for the lack of water in dry days so they actually every six hours the weather forecast request is sent to the weather forecast server and using the weather forecast that is being retained the smart irrigation system adapts its way watering plans automatically okay so there are several weather forecast services that provide HTTP protocol to them and not HTTP one of them was the Norwegian meteorological Institute which calls met no however six months ago something like this they upgraded their the upgraded the protocol to HTTPS however you can find many other weather forecast services that are still using HTTP protocol instead of HTTP and apply data that I'm about to show you so let's
focus on the vulnerability the during machine actually initiated in this request of weather forecast service that has been configured in our memory in its memory which is followed by DNS resolve sent from the DNS server afterwards a request for forecasts for weather forecast is being sent from is being initiated by the rain machine it includes latitude and longitude that were defined by the user the latitude and the longitude of the specific location of the smart irrigation system and they are then followed by response which is weekly weather forecasts and rain machine automatically adapt its watering plan according to the weather forecast in order to save water and to compensate for the lack of water in order to water your garden your yard and
this is how it looks like request is being sent from the rain machine to methanol and which include the GPS coordination of the location of the rain machine and it's followed by an HTTP response which is a weekly weather forecast and this is how it looks like it's actually contains temperature wind direction humidity wind speed and other things that are actually important to the smart irrigation system in order to adapt its watering plan and this is actually is being sent on let's say on our little solution so this is it now it's being by the way initiated every six hours that there are four four requests for gtp request such as this that are being initiated by the rain mission today now Wesker's of how we can
exploit such a protocol that is based on HTTP protocol and two ways in which we found we found a way to disprove the input to this material system one of them is to spoof the request location which you can think about instead of sending the true location of the smart irrigation system you will send a that appeals as if it if it is the most Alec placed on elf and this will actually result in a response of weather forecast that with the dry humidity which will require the smart irrigation system to adapt itself to water because of the lack of rain that that is being that it understand from the water forecast that is being sent another way is just to remove the response and just changing the values of the weather forecast that is being sent and let me show you how I show you on the earlier
one way is to change the GPS coordination the requests and other ways to change the values that are being received by the smart irrigation system and I have a demonstration to show you
so this is my cat by the way
okay well what you're about to see is that the smart irrigation system is being configured to London during winter and you will see that no watering and no water is actually needed in order to water your garden take a look on the weather forecast that is being received by the smart irrigation system it starts from minus 1 up to 6 Celsius and you see the 0% 0% are the amount of water that are required in order to water your garden since it's a rainy day no water is actually required however after applying our attack you will see like values that don't make any sense in a minute it's
okay this is the smart irrigation system after we apply the attack you can see values that range from zero to fifty the smart irrigation system understood that it's considered as very dry weather forecast so it actually adapts to uttering a plan as you can see 53 percent 100% so if the attacker when he will apply such an attack he actually managed to cut the smart irrigation system to obtain water when it actually does not need to obtain it
okay so this both these two attacks were spoofing attacks and now I'm about to show you to replay attacks also in this case the purpose is to exploit the legitimate human machine interface for CNC for command control communication as a means of attacking the smart irrigation system in order to water according to the attackers wish and the execution is also being done from abroad running on a compromised device that is connected to the same LAN of the smart irrigation system and the first attack
that we found first an ability that we found is actually founded in the Bliss on the blue spray displays the one that is actually on the left the picture on the left it provides HMI communication using a dedicated web interface that is based on HTTP where a protocol and it provides it to devices that are connected to its lon now it allows the user to schedule watering plans however no encryption or authentication are applied so this is even easier than before this is by the
way the gist and format of the house scheduling watering the request is being initiated you can see the start date and how much time do you want to order and other things so it's actually very easy even to understand how to attack it and how to schedule unnecessary watering plan and let me show you the demo of applying such an attack
okay so what you're seeing in here this
is the original watering plan that was configured there are no watering plans at all and wrote a simple Python code that actually initiates using HTTP request watering and this is a word we
actually apply it now let me show you the result of
applying this code for executing this code this is the exact web interface in which I talked of now when you look at
the watering plans that are actually all
day long for the entire week so this was only initiated using simple HTTP requests
another interesting attack that we thought of for presenting the vulnerability we actually extracted the code from the community as we mentioned earlier they actually use a Raspberry Pi so we extracted the defin will very easily and we analyzed their code and found on the following code lines you can see the state GPIO function and it's actually it's its execution that operate the master valve actually opens the valve so water will actually flow outside and this is the inline four to eight you can see the execution of such GPIO and specific about that is being specific about that is being operated we actually ask ourselves how we can use it in order to initiate watering so by assuming one of
the following either the SSH password is too weak or it is has been leaked or either the smart irrigation system itself is compromised then you can apply such an attack you can open a secure shell terminal and just open the valve using the code that I just present you the code that was in line four to eight and this is the demo that
okay take a look at the following video you can see the green Akio and how we are playing with the opening the valve and closing the valve every 10 seconds this is where it stops for 10 seconds and afterwards it is being again initiated now you can see the watering is actually starts again and we actually use we applied it using SSH communication that was applied from another compromised device that was connected to the same local area network of the green EQ
okay so after you know how to actually initiate watering as you wish and in the times that you wish to water them you can also imagine what would have happened what would happen if an attacker has managed to use a botnet smart irrigation system so you know botnets today are being you can rent them on the the dark web so they're pretty easy too they're fine in the wilds you can find them on the Internet you do not have to actually infect smart irrigation system you can rent the botnet and check whether a smart irrigation system is connected to the land of the compromised device where the bot is running and you can think about using a CNC model about mental smart irrigation system and initiate watering from many smart irrigation systems simultaneously and we ask ourself what would have happen if an attacker has managed to control a botnet of smart irrigation system using a CNC server and
we analyze the damage and the typical sprinklers water flow this is actually the Falcon taken from the Falcons specs is between zero point six six and four point nine three cubic meters per hour so let's say on average it's two point seven nine five cubic meters on average per hour what is the damage incurred when the attack is performed using a bucket of smart irrigation systems that are triggered to water simultaneously now this is actually pretty interesting you need a botnet of one hand I have one thousand three hundred the sprinklers and you need to operate them for a single hour in order to empty a typical water tower capacity which is around three hundred and seven eight seven eight seven cubic meters and if you're thinking about how you can empty a flood water reservoir so this is why you need a bigger botnet let's say about twenty three thousands and you need to operate them for six hours during night in order to empty a few water reservoir which is its capacity is around four hundred and four K cubic meters so it's actually let's say pretty dangerous attack if the attacker can actually harm an entire city and even a nation if you will manage to infect many smart irrigation system and this is pretty interesting because this generation of IOT devices is actually being used by consumers to regulate resource such as water that are obtained from critical infrastructure now traditional attacks against critical infrastructure required the attackers to somehow in fact the critical infrastructure itself they must use supply chain attacks they either some let's say insiders to infect the system to attend fight critical infrastructure systems this kind of attack is actually an indirect attack and it's much easier to deploy and the reason that is it is much easier to deploy is when you considers a critical infrastructure they actually use ideas and IPS increasing detection systems and prevention systems to prevent from attackers to attack their systems however as you can see this attack is actually indirect it is much easier to attack the weakest link in the interface between the IOT device to this critical infrastructure instead of attacking the critical infrastructure itself so this was actually the entire idea behind this attack how you can manage to attack a critical infrastructure indirectly one last thing regarding ethics we actually provided full ethical disclosure to each one of the smarter irrigation systems manufacturers that I showed you we make you actually thanked us and they decided to apply to TPS communications so I think that you were not able to apply our attacks and they are now well aware to the vulnerabilities they also decided to close SSH port in the film were so they actually prevent from attack from running Python code and to initiate watering regulation and blue spray engineers contact us and we actually provide them the entire necessary information in order to this to patch the fingers however they did not tell das told us whether they patch the vulnerabilities so I'm not sure whether you can apply our attacks or no I think that you from my experience with this kind of manufacturers you probably they did not patch their products yet and they probably have some better things to do this is it any questions
okay thank you very much [Music] [Applause]