Smart building controllers create a double issue of being an access point to wider systems and also a direct vulnerability to issues such as heating or ventilation.
Pen Test Partners have found that contemporary controller security has improved, but that there are also large numbers ‘installed on the public internet, unprotected, with complete authentication bypass in some cases!’
The company blog notes that such installations are to be found in military bases, schools, government buildings, businesses and large retailers - some already compromised by malware.
The research points to HVAC & BMS installers, rather than the vendor, being a fault, but the end result is an insecure building where doors could be unlocked for burglary or heating or refrigeration off for blackmail.
Pen Test Partners made the discovery using the internet of things (IoT) search tool Shodan.
The BBC picked up the blog earlier in the week, but delayed reporting the issue until it had contacted the schools that could be identified by name.
Latest News
-
Tesco announces delivery drivers to wear body-worn cameras
-
Xiaomi links smartphone price hikes to rising memory chip costs
-
Singapore to follow UK’s cybersecurity protections
-
UK data centre spend set to surge to £10bn a year by 2029
-
Amazon rolls out AI-powered smart glasses for delivery drivers
-
FCA takes legal action against HTX for illegal crypto promotion in the UK
The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.
The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories