At Applied Risk, we undertake security research projects to identify and bring awareness to critical components at the heart of your operations. In the past, we’ve taken apart and uncovered critical vulnerabilities in widely used industrial components and protocols such as WirelessHART and Safety PLCs, and we work together with vendors to patch vulnerabilities through our responsible disclosure process.
What started out as curiosity about how to unlock and open doors remotely grew into a research project assessing the process of manipulating entire buildings. The Building Management Systems (BMS) components examined in this research are responsible for critical services such as Access Control Systems, Fire Alarm Systems, Security Cameras, Heating, Ventilation and Air Conditioning (HVAC), Elevator Control, Power and Lighting Control Systems, Weather Monitoring Systems and more. Impacting each of these systems has the potential to cause disruptions, damage and safety hazards for your organisation.
Spanning a one-year timeline, this research resulted in the discovery of more than 100 zero-day vulnerabilities affecting various BMS components. Today, we’re releasing the long-awaited technical research report titled: “I Own Your Building (Management System)”, which is available free for download on our website.
This report addresses the common challenge of BMS cyber security and its underlying components. Vulnerable elements across a range of components were investigated, with the vulnerabilities potentially affecting more than 10 million people.
During the research, some of the risks discovered within these BMS components include the potential ability for threat actors to:
- Remotely lock or unlock doors and gates;
- Control physical access of restricted areas;
- Deny service (shutdown controllers);
- Manipulate alarms and video surveillance;
- Control temperature, boilers, air conditioning, window blinds, gas readings, etc.
Through a detailed analysis of the affected components, we provide clear cyber security recommendations for end users, vendors and system integrators, as well as a thorough technical breakdown including Proof of Concept exploit code, which allows unauthenticated remote code execution against the affected BMS products.
To learn more about the BMS research we’ve conducted, download the full I Own Your Building (Management System) security research report here.