printer friendly version

Building automation vulnerable to hacks

Critical Internet-connected smart building devices used in countless commercial and industrial properties, have been found to be vulnerable to a new malicious attack, according to cybersecurity researcher Bertin Bervis.

The vulnerability exploits the properties in the building automation protocol (Bacnet) which enables technicians and engineers to monitor, change and remotely control of a wide range of key smart systems that impact temperature control, and other monitoring systems. Bervis analysed several building automation devices with built-in web applications for remote monitoring and control. They were disclosed to manufacturers who didn’t respond.

The research ‘Mixing industrial protocols with web application flaws in order to exploit devices connected to the Internet’ was presented at the DEF CON IoT Village, organised by security consulting and research firm Independent Security Evaluators.

The attacker is able to maliciously modify the system’s web application code by injecting JavaScript code in the Bacnet device, abusing the read/write properties from the Bacnet protocol itself. The code is stored in the Bacnet database, helping the attacker to achieve persistence on browser devices that are used in building environments or industrial facilities that connect via BACnet.

The web applications allow malicious code modification in specific elements taken directly from the protocol level user interaction and protocol level database information changes, which means any data change performed directly from protocol interaction can modify pieces of code in the whole web application in a persistent way.

“Remote attackers can jump from that point to another using this technique to steal sensitive information from technicians or engineers who interact directly with the infected devices,” Bervis says. “It opens a new door for remote attacks without touching or interacting with the web application in those devices. The attacker only needs an insecure building automation protocol to modify the data.”

Bervis is an independent cybersecurity researcher from Costa Rica. His research is focused on Internet-connected devices and industrial protocols and is focused on analysing web servers in the wild and exploiting their vulnerabilities.

IoT Village is a security research community that brings together the brightest minds from security researchers, product manufacturers, solution providers, and academics in order to collaborate on solving the security challenges that plague IoT. It consists of many programming elements: talks, exploit demos, zero-day hunting contests, capture the flag style contests, and other hacktivities.

Share this article:

Further reading: