New vulnerability found in internet-connected building automation devices

Critical internet-connected smart building devices used in many commercial and industrial properties, have been found to be vulnerable to a new malicious attack. This is according to a report from cybersecurity researcher Bertin Bervis.

The vulnerability exploits the properties in the building automation protocol (Bacnet) which enables technicians and engineers performing monitoring, setup changes and remote control of a wide range of key smart systems that impact temperature control, and other monitoring systems. Bervis analysed several building automation devices with built-in web applications for remote monitoring and control. They were disclosed to manufacturers who didn’t respond.

The research entitled Mixing industrial protocols with web application flaws in order to exploit devices connected to the internet, was presented at the DEF CON IoT Village at the Flamingo Hotel. DEF CON IoT Village is organised by security consulting and research firm Independent Security Evaluators.

The attacker is able to maliciously modify the system’s web application code by injecting javascript code in the Bacnet device, abusing the read/write properties from the Bacnet protocol itself. The code is stored in the Bacnet database helping the attacker to achieve persistence on browser devices that are used in building environments or industrial facilities that connect via BACnet.

The web applications allow malicious code modification in specific elements taken directly from the protocol level user interaction and protocol level database information changes, which means any data change performed directly from protocol interaction can modify pieces of code in the whole web application in a persistent way.

“Remote attackers can jump from that point to another using this technique to steal sensitive information from technicians or engineers who interacts directly with the infected devices,” Bervis says. “It opens a new door for remote attacks without touching or interacting with the web application in those devices. The attacker only needs an insecure building automation protocol to modify the data.”

Bertin Bervis is an independent cyber security researcher from Costa Rica. He has been a featured speaker at DEF CON, Ekoparty and other technical conferences worldwide. His research is focused on internet-connected devices and industrial protocols and is focused on analysing web servers on the wild and exploiting their vulnerabilities. Presentation is available on request.

IoT Village was founded by Independent Security Evaluators as a platform to educate, inform, and empower, IoT Village is a security research community that brings together the brightest minds from security researchers, product manufacturers, solution providers, and academics in order to collaborate on solving the security challenges that plague IoT.

It consists of many programming elements: talks, exploit demos, zero-day hunting contests, capture the flag style contests, and other hacktivites. As a security research platform, IoT Village has represented the discovery and publication of more than 300 zero-day vulnerabilities – previously unknown, critical security vulnerabilities that are readily exploitable in systems that are already out in the market being used by consumers, businesses, and governments alike. These critical issues afflict more than 50 different IoT device types.

Independent Security Evaluators (ISE) is a security consulting firm specialising in application, network, and blockchain vulnerability assessments, as well as training and secure software development for companies protecting high-value assets who may be frequently targeted. Our adversary-centric approach to security has proven highly effective for bolstering our clients’ defensive security postures. ISE analysts are also active in the security research community, speaking at conferences about relevant security issues and providing the public with cutting edge threat-based advisories. ISE is headquartered in Baltimore, with offices in San Diego and Los Angeles. For more information, visit here. Click here to subscribe to the ISE blog.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Make the Intelligent Choice: Embed X103 in Smart City Outdoor Devices

Posted on: April 25, 2024

The adage “less is more” is the current state of digital transformation, starting with existing technology that has already proven successful – and then further adapting and streamlining. The “smart city” embraces this end goal by digitalizing community services where we live and work, such as traffic and transportation, water and power, and other crucial

Read more
top-view-hand-holding smartphone internet communication network

Industrial IoT adoption fuels growth in private cellular networks

Posted on: April 25, 2024

Mission-critical use cases are driving private IoT connection growth in key industrial markets like manufacturing, logistics and transportation. Industrial IoT (IIoT) customers are eager to digitalise critical use cases with high-powered, dedicated networks, making these industries leaders in private 4G and 5G adoption. According to a new report from global technology intelligence firm ABI Research,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more