Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities that expose buildings to cyber attacks.
Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities in management and access control systems from four major vendors.
An attacker can exploit the vulnerabilities to gain full control of the vulnerable products and access to the devices connected to them.
Krstic conducted a year-long study on building management (BMS), building automation (BAS) and access control products from Nortek, Prima Systems, Optergy, and Computrols. The experts analyzed several products, including Computrols CBAS-Web, Optergy Proton/Enterprise, Prima FlexAir, and two Nortek Linear eMerge products.
The expert discovered over 100 security flaws, including default and hardcoded credentials, command injection, cross-site scripting (XSS), path traversal, unrestricted file upload, privilege escalation, authorization bypass, clear-text storage of passwords, cross-site request forgery (CSRF), arbitrary code execution, authentication bypass, information disclosure, open redirect, user enumeration, and backdoors.
Some of the flaws, rated as ‘critical,’ could be exploited by an unauthenticated attacker to take full control of the vulnerable systems. The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities.
Once hacked vulnerable systems, attackers could steal personal information and conduct a wide range of malicious activities, including lock or unlock doors and gates, control elevator access, trigger alarms, intercept video surveillance streams, and manipulate HVAC systems and lights, disrupt operations.
“It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet.” reads the analysis published by the experts related to Computrols CBAS-Web 18.0.0
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.