Warning over hacking of smart buildings

Smart building controllers create a double issue of being an access point to wider systems and also a direct vulnerability to issues such as heating or ventilation.

Pen Test Partners have found that contemporary controller security has improved, but that there are also large numbers ‘installed on the public internet, unprotected, with complete authentication bypass in some cases!’

The company blog notes that such installations are to be found in military bases, schools, government buildings, businesses and large retailers - some already compromised by malware.

The research points to HVAC & BMS installers, rather than the vendor, being a fault, but the end result is an insecure building where doors could be unlocked for burglary or heating or refrigeration off for blackmail.

Pen Test Partners made the discovery using the internet of things (IoT) search tool Shodan.

The BBC picked up the blog earlier in the week, but delayed reporting the issue until it had contacted the schools that could be identified by name.

Latest News

Co-op partners with The Hacking Games as CEO admits all members had data stolen in cyber-attack

Reddit asks UK users to confirm age in line with Online Safety Act

Google signs $3bn first-of-its-kind hydroelectricity deal

Agentic AI to ‘unlock $450bn’ by 2028

Oracle allocates $3bn for AI, cloud infrastructure in Germany and the Netherlands

Meta to build US AI data centre almost size of Manhattan

Warning over hacking of smart buildings

Recent Stories

Gov confirms work on second contact tracing app

Zoom acquires Keybase to enhance encryption

Virgin Media and O2 agree £31bn merger