Leveraging Operational Technology and the Internet of Things to Attack Smart Buildings
In recent years, the buildings where we spend most part of our life are rapidly evolving. They are becoming fully automated environments where energy consumption, access control, heating and many other subsystems are all integrated within a single system commonly referred to as smart building (SB). To support the growing complexity of building operations, building automation systems (BAS) powering SBs are integrating consumer range Internet of Things (IoT) devices such as IP cameras alongside with operational technology (OT) controllers and actuators. However, these changes pose important cybersecurity concerns since the attack surface is larger, attack vectors are increasing and attacks can potentially harm building occupants. In this paper, we analyze the threat landscape of BASs by focusing on subsystems which are strongly affected by the advent of IoT devices such as video surveillance systems and smart lightning. We demonstrate how BAS operation can be disrupted by simple attacks to widely used network protocols. Furthermore, using both known and 0-day vulnerabilities reported in the paper and previously disclosed, we present the first (at our knowledge) BAS-specific malware which is able to persist within the BAS network by leveraging both OT and IoT devices connected to the BAS. Our research highlights how BAS networks can be considered as critical as industrial control systems and security concerns in BASs deserve more attention from both industrial and scientific communities. Even within a simulated environment, our proof-of-concept attacks were carried out with relative ease and a limited amount of budget and resources. Therefore, we believe that well-funded attack groups will increasingly shift their focus towards BASs with the potential of impacting the live of thousands of people.
READ FULL TEXT