Hacking Smart Building—An Attacker’s Perspective on IoT Attack Surface and Challenges for Cyber Defenders (I12a)
The presentation will guide the audience through a complete ICS attack vector aimed at compromising building automation controllers and smart building. It will show how in a recent case study team of security researchers identified zero days in smart building devices and vulnerabilities in other components of building automation solutions architecture and leveraged those to simulate comprehensive attack scenario. The talk will show an overview of challenges of smart building solutions cybersecurity.
Agenda:
– Smart building design, architecture and role of smart devices’ firmware
– Approach to identifying cyber security weak points in smart building implementation
– Results of building automation controller devices and building management system security analysis‚ examples of identified key vulnerabilities
– Examples of common misconfigurations of remote access gateways, BACnet devices and 3G modems
– Exploitation of identified vulnerabilities in simulated attack on smart building and tenant organizations