Hacking

Over 100 flaws in management and access control systems expose buildings to hack

Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities that expose buildings to cyber attacks.

Security researcher Gjoko Krstic from Applied Risk discovered over 100 vulnerabilities in management and access control systems from four major vendors.

An attacker can exploit the vulnerabilities to gain full control of the vulnerable products and access to the devices connected to them.

Krstic conducted a year-long study on building management (BMS), building automation (BAS) and access control products from Nortek, Prima Systems, Optergy, and Computrols. The experts analyzed several products, including Computrols CBAS-Web, Optergy Proton/Enterprise, Prima FlexAir, and two Nortek Linear eMerge products.

The expert discovered over 100 security flaws, including default and hardcoded credentials, command injection, cross-site scripting (XSS), path traversal, unrestricted file upload, privilege escalation, authorization bypass, clear-text storage of passwords, cross-site request forgery (CSRF), arbitrary code execution, authentication bypass, information disclosure, open redirect, user enumeration, and backdoors.

Some of the flaws, rated as ‘critical,’ could be exploited by an unauthenticated attacker to take full control of the vulnerable systems.
The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities.

Once hacked vulnerable systems, attackers could steal personal information and conduct a wide range of malicious activities, including lock or unlock doors and gates, control elevator access, trigger alarms, intercept video surveillance streams, and manipulate HVAC systems and lights, disrupt operations.

“It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet.” reads the analysis published by the experts related to Computrols CBAS-Web 18.0.0

Krstic presented the findings of his study at SecurityWeek’s ICS Cyber Security Conference held in Singapore.

Experts at Applied Risk published security advisories for each of the impacted products, they plan to release technical details for each flaw in June.

Applied Risk confirmed that all of the impacted vendors, except for Nortek, already released security updates to address the issued in their products.

According to SecurityWeek, Nortek already patched the issued identified by Applied Risk despite the company did not receive the actual details of the flaws.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – buildings, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

3 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

15 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

19 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.