I Own Your Building - Management System

Explore the critical vulnerabilities in Building Management Systems (BMS) and Building Automation Systems (BAS) in this eye-opening conference talk from the Hack In The Box Security Conference. Delve into the research findings that reveal how basic cyber security attacks can compromise entire buildings, affecting millions of people. Learn about the potential for unauthenticated attackers to manipulate doors, elevators, air-conditioning systems, windows, cameras, boilers, PLCs, lights, and alarm systems in various facilities, including banks, hospitals, and government buildings. Discover the vulnerabilities identified by the Applied Risk research team across multiple BMS components and products from various vendors. Gain insights into the research process, including exposure of management interfaces, software technology in controllers, and automatic and manual vulnerability discovery. Examine real-world examples of exploits, such as cookie traversal, rootstyle, and Java backdoors. Understand the potential impact on critical infrastructure and explore case studies from vendors. Conclude with recommendations for upgrading and securing BMS to protect against these alarming security risks.

Introduction
What is a BMS?
BMS for end users
What Does a BMS Do?
Building Control Applications
Typical Systems Components - Field Devices
Typical Systems Components - Networks
Interaction With Other Building Management Systems
Typical User Interface Options
BMS Simple User Interfaces - Web Interface
BMS & EDAC
Advertisement - 2019
Security Analysis and Exploitation
Exposure of Management Interface
Software Technology in Controllers
Automatic and Manual Vulnerability Discovery
Obtaining Firmware
Example: Cookie traversal
Example: rootstyle
Backdoors (Development Console)
Example: Java backdoor
Backdoor Access - Optergy
System Access - Linear e Merge E3-Series
System Access - Metasploit Session
System Access - Prima FlexAir #2
Impact
Potential targets (case studies from the vendor)
Upgrade