Warning over hacking of smart buildings

Smart building controllers create a double issue of being an access point to wider systems and also a direct vulnerability to issues such as heating or ventilation.

Pen Test Partners have found that contemporary controller security has improved, but that there are also large numbers ‘installed on the public internet, unprotected, with complete authentication bypass in some cases!’

The company blog notes that such installations are to be found in military bases, schools, government buildings, businesses and large retailers - some already compromised by malware.

The research points to HVAC & BMS installers, rather than the vendor, being a fault, but the end result is an insecure building where doors could be unlocked for burglary or heating or refrigeration off for blackmail.

Pen Test Partners made the discovery using the internet of things (IoT) search tool Shodan.

The BBC picked up the blog earlier in the week, but delayed reporting the issue until it had contacted the schools that could be identified by name.

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.