The proliferation of the Internet of Things (IoT) has led to the development of smart buildings, which are equipped with sensors and automation systems to monitor various data and improve operational efficiency, reduce energy and resource consumption, and create a more user-friendly environment. However, the increased reliance on electronic devices and software also makes smart buildings more vulnerable to cyberattacks. Our researchers have analyzed the unique ways in which building automation system (BAS) users can be hacked when systems are infiltrated and taken over. This includes various forms of threats, such as:
- DDoS attacks that require rebooting the entire system
- The KNXlock hack that turns hundreds of devices into ‘zombies’
- Credentials thefts that allow attackers to access configuration data and obtain usernames and passwords
- Buffer overflows where a system can be forced into crashing by overloading the HTTP request with long strings of characters
It is important to read this article to better understand the dangers facing BAS and how an operational technology (OT) zero trust approach can address cybersecurity challenges before they arise.