These days the world‘s leading information security congress „Black Hat USA“ takes place in Las Vegas for the 20th time. At this event around 15.000 attendees are provided with the latest research, development and trends concerning IT security.
Only the best and most reknown speakers are being selected to speak at Blackhat USA. Speaking on security in the area of building automation control systems demonstrated once more that Limes Security is on the forefront of industrial control system security.
The usage of building automation, regardless if in private homes or corporate buildings, aims to optimize comfort, energy efficiency and physical access for its users. Is cyber security part of the equation? Unfortunately, not to the extent one might expect, cyber security is quite often found to be sacrificed either for comfort or efficiency.
The talk described prototypic attack scenarios through building automation systems one should consider, and how even without exploits, a number of protocol functions in common building automation protocols like BACnet/IP and KNXnet/IP can support a malicious adversary going for those scenarios. In comparision to other talks on this topic in German, the section on protocol level attacks was significantly expanded.
The talk was very well received, afterwards options on mitigation and compensating methods was discussed with the audience.