New Vulnerability Found in Internet-Connected Building Automation Devices

Posted on Wednesday, 14th August 2019 @ 07:23 PM by Text Size A | A | A

Spread the love

Critical internet-connected smart building devices used in countless commercial and industrial properties, have been found to be vulnerable to a new malicious attack. The vulnerability exploits the properties in the building automation protocol (Bacnet) which enables technicians and engineers performing monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control, and other monitoring systems.

Critical internet-connected smart building devices used in countless commercial and industrial properties, have been found to be vulnerable to a new malicious attack, according to cybersecurity researcher Bertin Bervis.

The vulnerability exploits the properties in the building automation protocol (Bacnet) which enables technicians and engineers performing monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control, and other monitoring systems. Bervis analyzed several building automation devices with built-in web applications for remote monitoring and control. They were disclosed to manufacturers who didn’t respond.

The research “Mixing industrial protocols with web application flaws in order to exploit devices connected to the internet. was presented at the DEF CON IoT Village at the  Flamingo Hotel.  DEF CON IoT Village is organized by security consulting and research firm Independent Security Evaluators.

The attacker is able to maliciously modify the system’s web application code by injecting javascript code in the Bacnet device, abusing the read/write properties from the Bacnet protocol itself.  The code is stored in the Bacnet database helping the attacker to achieve persistence on browser devices that are used in building environments or industrial facilities that connect via BACnet.

The web applications allow malicious code modification in specific elements taken directly from the protocol level user interaction and protocol level database information changes, which means any data change performed directly from protocol interaction can modify pieces of code in the whole web application in a persistent way.

“Remote attackers can jump from that point to another using this technique to steal sensitive information from technicians or engineers who interacts directly with the infected devices,” Bervis says. “It opens a new door for remote attacks without touching or interacting with the web application in those devices. The attacker only needs an insecure building automation protocol to modify the data.”

Read More…

Related News On HuffPo Club www.hpub.org:

Disqus Comments

Specify a Disqus shortname at Social Comments options page in admin panel

Facebook Comments

G+ Comments

Default Comments