https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

IoT/Smart X


Partner content

Lights out: Cyberattacks shut down building automation systems

Lights out: Cyberattacks shut down building automation systems

  • Written by Kelly Jackson Higgins / Dark Reading
  • 21st December 2021

A building automation engineering firm experienced a nightmare scenario: It suddenly lost contact with hundreds of its building automation system (BAS) devices — light switches, motion detectors, shutter controllers, and others — after a rare cyberattack locked the company out of the BAS it had constructed for an office building client.

The firm, located in Germany, discovered that three-quarters of the BAS devices in the office building system network had been mysteriously purged of their “smarts” and locked down with the system’s own digital security key, which was now under the attackers’ control. The firm had to revert to manually flipping on and off the central circuit breakers in order to power on the lights in the building.

The BAS devices, which control and operate lighting and other functions in the office building, were basically bricked by the attackers. “Everything was removed … completely wiped, with no additional functionality” for the BAS operations in the building, explains Thomas Brandstetter, co-founder and general manager of Limes Security, whose industrial control system security firm was contacted in October by the engineering firm in the wake of the attack.

Brandstetter’s team, led by security experts Peter Panholzer and Felix Eberstaller, ultimately retrieved the hijacked BCU (bus coupling unit) key from memory in one of the victim’s bricked devices, but it took some creative hacking. The engineering firm then was able to reprogram the BAS devices and get the building’s lighting, window shutters, motion detectors, and other systems back up and running.

But the attack was no anomaly. Limes Security has since been getting reports of similar types of attacks on BAS systems that run on KNX, a building automation system technology widely deployed in Europe. Just last week, Limes Security was contacted by another engineering firm in Europe that had suffered an eerily similar type of attack as the German firm — on a KNX BAS system that locked it out as well.

“What was interesting … is the attackers here misused what was supposed to be a security feature, a programming password [the BCU key] that would lock out an adversary from manipulating the components,” Panholzer says.

“Luckily for us and the [BAS] operators so far in each of the incidents we have been involved with, the attackers set the same password for all components” in the victims’ respective BAS networks, Panholzer says. “In theory, there could be a different password for each and every component, and that would actually make recovery much, much harder.”

For its part, KNX warns in its product support information that the BCU key security feature should be deployed carefully for the engineering tool software (ETS): “Use this option with care; if the password is lost, those devices shall be returned to the manufacturer. Forgotten BCU Key in the devices cannot be changed or reset externally because this would make the protection in ETS meaningless (of course, the manufacturers know how to do this),” the KNX Association vendor says on its support page.

But in reality, most manufacturers of these devices are unable to retrieve pilfered BCU keys, Panholzer notes. The German engineering firm initially went to its BAS device vendors for help, but the vendors informed the firm they were unable to access the keys.

There have been other indirect reports of similar attacks on KNX-based systems, he says. “There seems to kind of an attack wave. We’re not fully aware how” widespread it is, however, he says.

“What is apparent is that it came out of nowhere: Suddenly, there were many attacks happening that we are aware of,” says Panholzer, who plans to present the case – which the company calls KNXlock – at the S4x22 ICS security conference next month in Miami. Limes Security declined to identify the victim organizations that have been hit in the attacks for confidentiality reasons.

There are no clues so far to trace back to the attackers. BAS systems aren’t configured with any logging functions, so the attackers don’t leave behind any digital footprints per se. Their attacks left no ransom notes nor signs of ransomware, so it’s unclear even what the endgame of the attacks was.

To read the complete article, visit Dark Reading.

 

Tags: Applications Companies Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness Internet of Things IoT/Smart X News Public Safety Security Software State & Local Government Subscriber Devices System Design System Operation Tracking, Monitoring & Control Partner content

Most Recent


  • Microsoft Outlook vulnerability could be 2023's 'It' bug
    Microsoft recently patched a zero-day vulnerability under active exploit in Microsoft Outlook, identified as CVE-2023-23397, which could enable an attacker to perform a privilege escalation, accessing the victim’s Net-NTLMv2 challenge-response authentication hash and impersonating the user. Now it’s becoming clear that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year, security researchers are […]
  • Getting to know the how—and why—of the telecom cloud
    A funny thing happened during the pandemic: The giant cloud hyperscalers burst into the telecom industry. And now it’s time for everyone to get acquainted with them. Why? Well, it seems increasingly inevitable that a certain percentage – ranging from “a little” to “most” – of telecom operators’ network functions are going to run in […]
  • Zipline delivery drone docks, charges by itself
    Zipline has unveiled its new autonomous drone platform, designed to provide accurate everyday delivery to homes in the U.S., including in busy residential areas. Zipline’s previous delivery system worked by parachuting parcels into a specified area. Now the new drone, dubbed Platform 2 or P2 Zip, sends its goods down to customers via a tether […]
  • State and local leaders can alleviate the burden on public-safety personnel by tackling three workforce trends
    Government officials and public safety leaders wear many different hats. They serve as sounding boards for constituent complaints and for new ideas that need vetting. They are change agents charged with improving the lives of citizens and colleagues and are tasked with keeping order. Their most daunting responsibility, however, is keeping members of their community […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Verizon-owned Skyward accepting orders for Parrot drone
  • Lights out: Cyberattacks shut down building automation systems
    Newscan: Telecoms and Airlines agree to share data in an effort to resolve 5G dispute
  • Volvo deploys anti-theft car tracker
  • Grand-jury report on Surfside condo collapse calls for 10-year inspection cycles

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Microsoft Outlook vulnerability could be 2023’s ‘It’ bug dlvr.it/SlC3Hh

20th March 2023
UrgentComm

Zipline delivery drone docks, charges by itself dlvr.it/SlBNWy

20th March 2023
UrgentComm

State and local leaders can alleviate the burden on public-safety personnel by tackling three workforce trends dlvr.it/SlBH89

20th March 2023
UrgentComm

6G is shaping up to disappoint, and the industry can blame itself dlvr.it/Sl918J

20th March 2023
UrgentComm

Change is coming to the network detection and response (NDR) market dlvr.it/Sl4cts

18th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.