Despite the rapidly growing deployment of IP-based technologies around us, the security of these deployments remains susceptible to basic cyber security attacks. What began as a small enumeration of the exposure of Security Access Control Platforms on several Internet-connected device search engines, grew into a research project covering several Building Management Systems (BMS) or Building Automation Systems (BAS) and its various sub-categories.
The execution of such attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-condition systems, windows blinds, cameras, boiler, PLCs, lights, alarm system in an entire building. In the case of this research, more than 10 million people could be affected by the findings presented.
This presentation discusses vulnerabilities found by Applied Risk research team across several BMS components and products from various vendors in the industry. Multiple vulnerabilities have been identified that could result in the total compromise of entire buildings and critical facilities (e.g. banks, hospitals, industrial facilities, government, residential…etc.). In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.