An introduction to building management system vulnerabilities
searchsecurity.techtarget.com/...agement-system-vulnerabilities
technology hotel software business tech solution
shared by imontenegro on 10 Apr 19
-
imontenegro on 10 Apr 19: In December 2018, the FBI warned that unpatched devices on networks were exposed to hackers through an open port used to communicate with control systems.
-
imontenegro on 10 Apr 19: Target stores attack in 2013. Criminals gained access to Target's point-of-sale (POS) system software to obtain the credit and debit card data associated with over 110 million accounts. However, the criminals did not directly attack the POS, but instead began stealing login credentials used by Target's heating, ventilation and air conditioning vendor when they connected to the Target web applications. Through this vector, the attackers gained access to Target's Active Directory and, ultimately, the Target POS system where they could collect credit card numbers and other sensitive data.
-
imontenegro on 10 Apr 19: In another example from 2014, a hacker broke into the building control system of a five-star hotel in Shenzhen, China, to manipulate room control systems and steal customer data.
-
imontenegro on 10 Apr 19: The four key modules of a building management system include management, automation, field devices and communications. The management level includes the human-machine interface, enterprise software, workstations, servers and, sometimes, network switches. Automation is the primary control for field devices.
-
imontenegro on 10 Apr 19: Another common BMS vulnerability is ineffectively controlled remote access to systems. The Target hack demonstrated how remote access, if it is not rigidly controlled, can be used against customers.
-
imontenegro on 10 Apr 19: One last, often-overlooked vulnerability is an aging BMS. Many buildings still have legacy BMSes installed that could be subject to simple attacks, although some of the older systems are analog-based and are not as easy to hack as modern, Ethernet-based systems. Regardless, the old systems may have default passwords that can be found on the internet and that cannot be changed or patched. These old systems may also have open ports that cannot be blocked unless you install a major -- and expensive -- upgrade or retrofit.
-
imontenegro on 10 Apr 19: A building management system is an intelligent microprocessor-based controller network installed to monitor and control a building's technical systems and services. They can be directly integrated with a broad range of building services, including access control, security, power, lighting, fire systems, elevator and escalator controls, smart whiteboards, and clinical systems. Hackers are becoming more savvy to BMSes. As a result, businesses must spend time and resources to patch any vulnerabilities.