Professional Security Magazine x Mike Gillespie – Buildings that can harm
News and information from the Advent IM team.
The recent news of the Modipwn vulnerability, highlights again how real this problem is; it has not gone away. While this Modicon attack is specific to a certain technology, what it shows is that effectively any of these legacy PLCs (programmable logic controllers) and associated technologies, could cause the take over of a smart building. This could potentially cause physical damage and even harm to occupants. Like many other non-core IT, these technologies have not been designed to allow for dynamic patching. They rely on building managers knowing that they have this technology, that it is vulnerable, where to get the patch from and then having the skills and knowledge about how to implement it. The threat is growing, with evidence from leaked documents, obtained by Sky News, explaining how state attackers are planning to exploit civilian infrastructure to conduct cyber attacks, including those on smart buildings. The document stated how systems that control lighting, ventilation, heating and security systems in smart buildings across the world may be exploited by Iranian hackers.
Read the full article here.