July 1, 2017

(in)security in building automation how to create dark buildings with light speed

by Thomas Brandstetter, Kerstin Reisinger

The usage of building automation, regardless if in private homes or corporate buildings, aims to optimize comfort, energy efficiency and physical access for its users. Is cyber security part of the equation? Unfortunately, not to the extent one might expect, cyber security is quite often sacrificed either for comfort or efficiency. The higher number of small and large-scale installations combined with easily exploitable vulnerabilities leads to a stronger exposure of building automation systems, which are often overlooked. Even worse, an adversary understanding the usage of regular building automation protocol functions for malicious purposes may not only create chaos within the breached building but can potentially even peek into internal, otherwise not reachable, networks through these building protocols.

https://www.blackhat.com/us-17/briefings.html#insecurity-in-building-automation-how-to-create-dar...