As the IoT technologies are being implemented by many countries to get the buildings, commercial and industrial properties to become smarter, there is a growing need for intelligent building technologies that provide data-driven insights to maximize operational efficiency, cut energy waste, and lower overall costs, have been found to be vulnerable to a new malicious attack.
The vulnerability exploits the properties in the building automation protocol (Bacnet) BACnet - A Data Communication Protocol for Building Automation and Control Networks, enables technicians and engineers performing monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control, and other monitoring systems and remote control of a wide range of key smart systems that impact temperature control, and other monitoring systems.
As per the cybersecurity researcher Bertin Bervis. analyzed several building automation devices with built-in web applications for remote monitoring and control. They were disclosed to manufacturers who didn’t respond.The attacker is able to maliciously modify the system’s web application code by injecting javascript code in the Bacnet device, abusing the read/write properties from the Bacnet protocol itself. The code is stored in the Bacnet database helping the attacker to achieve persistence on browser devices that are used in building environments or industrial facilities that connect via BACnet.
“Remote attackers can jump from that point to another using this technique to steal sensitive information from technicians or engineers who interacts directly with the infected devices,” Bervis says. “It opens a new door for remote attacks without touching or interacting with the web application in those devices. The attacker only needs an insecure building automation protocol to modify the data.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
