HVACking: Remotely Exploiting Bugs In Building Control Systems

According to this article (https://www.bleepingcomputer.com/news/security/hvacking-remotely-exploiting-bugs-in-building-control-systems/), security researchers have found a zero-day vulnerability in a popular building controller used for managing various systems, including HVAC (heating, ventilation, and air conditioning), alarms, or pressure level in controlled environments.

  • Discovered using the automated software testing technique called “fuzzing,” the point of failure gives an attacker on the network full control of an unpatched system. They would be in a position to manage the various building controls connected to the vulnerable device.
  • The vulnerability is now tracked as CVE-2019-9569 and is a buffer overflow that leads to remote code execution when properly exploited.
  • Attacks can be launched even if the location of the target system on the network is unknown.

Javvad Malik, Security Awareness Advocate, KnowBe4
August 13, 2019
Devices chosen should have security features.
As we see a rise in smart buildings and smart cities with greater connected smart devices and embedded IoT, the attack surface and exposure become much greater. Companies should therefore carefully consider the threats they open themselves up to when having internet-accessible devices. Devices chosen should have security features, such as being able to be updated with patches, allow changing of d ....