Cybersecurity Risks in Smart Dairy Farming

The paper, titled “The Internet of Insecure Cows – A Security Analysis of Wireless Smart Devices Used for Dairy Farming,” authored by Samuel Barnes-Thornton, Joseph Gardiner, and Awais Rashid of the University of Bristol, delves into the burgeoning integration of technology in agriculture, focusing on dairy farming. The researchers highlight the increasing reliance on Internet of Things (IoT) devices, such as cow tracking collars, in the agricultural sector to improve efficiency and productivity. However, this technological advancement brings with it a heightened risk of cyberattacks, which could have catastrophic implications for individual farms and the broader food supply chain.

The primary focus of the paper is on the security analysis of cow tracking collars used in smart dairy farming. These collars, widely used across Europe, are critical in monitoring the health and activity of cows. The researchers successfully reverse-engineered the wireless protocol used by these devices and identified significant security lapses. They discovered that the system for receiving signals from the sensors, as well as the data endpoint software, are vulnerable to data injection attacks. This vulnerability allows for the injection of false data, which could lead to erroneous animal health data being displayed to farmers and veterinarians, potentially leading to poor decision-making, financial losses, and animal welfare issues.

The research involved a detailed manual analysis of the device’s protocol, where traditional network protocol analysis tools were unsuitable due to the protocol’s unique nature and encoding methods. The team conducted a thorough examination, including demodulation and decoding of transmitted messages. They were able to perform both replay and arbitrary data injection attacks. In particular, the ability to inject arbitrary data could result in false alarms, misleading farmers and veterinarians about the health and activities of the animals.

Upon discovering the vulnerability, the researchers responsibly disclosed it to the device manufacturer. The manufacturer acknowledged the issue and indicated that future versions of the devices would incorporate encryption. However, a significant delay in the release of these updates was anticipated. The researchers suggest the ideal fix would be to incorporate a suitable encryption scheme within the protocol, considering the challenges of operating on low-powered devices with minimal battery impact.

The paper concludes with a call for heightened security measures in the agritech sector. It underscores the necessity of improving software security practices among device manufacturers, including vulnerability testing, disclosure, and patching. The researchers emphasize the urgent need for a comprehensive cybersecurity approach in agritech to safeguard against potential threats and ensure the integrity and reliability of these essential systems in agriculture.