As the global smart building movement marches on at increasing pace, it is sometimes easy to forget that many, building management systems hold potential vulnerabilities. The results of a one-year research project have revealed more than 100 flaws in building management and access control systems of the some popular vendors investigated. In response, US Homeland Security has handed out a “Perfect score” of 10.0, implying the most severe risk for the worst vulnerabilities identified by the research. Fixes and patches have been released, but the compelling results have underlined the widespread cyber security flaws that still exist in all smart buildings. Just over a year ago, Gjoko Krstic, a researcher at industrial cyber security firm Applied Risk, began analyzing building management systems, building automation systems and access control products from four leading vendors; Optergy, Nortek, Prima Systems and Computrols. “By exploiting the vulnerability, it’s possible to shut down a building with one click,” he stated during a presentation in Amsterdam at Hack In The Box event in May. Adding, in a recent interview with TechCrunch, that the worst Optergy bug was “Very, very bad” and “Easy to exploit.” Krstic summarized his overall findings at SecurityWeek’s ICS Cyber Security Conference in Singapore, noting that an attacker could take advantage of these weaknesses to trigger alarms, lock or unlock doors and gates, control elevator access, intercept video surveillance streams, manipulate HVAC systems and lights, disrupt operations, and steal personal information.
Read more on memoori.com/cyber-attacks-….