I Own Your Building - Management System

Explore the critical vulnerabilities in Building Management Systems (BMS) and Building Automation Systems (BAS) in this eye-opening conference talk from the Hack In The Box Security Conference. Delve into the research findings that reveal how basic cyber security attacks can compromise entire buildings, affecting millions of people. Learn about the potential for unauthenticated attackers to manipulate doors, elevators, air-conditioning systems, windows, cameras, boilers, PLCs, lights, and alarm systems in various facilities, including banks, hospitals, and government buildings. Discover the vulnerabilities identified by the Applied Risk research team across multiple BMS components and products from various vendors. Gain insights into the research process, including exposure of management interfaces, software technology in controllers, and automatic and manual vulnerability discovery. Examine real-world examples of exploits, such as cookie traversal, rootstyle, and Java backdoors. Understand the potential impact on critical infrastructure and explore case studies from vendors. Conclude with recommendations for upgrading and securing BMS to protect against these alarming security risks.