An IBM-led penetration testing team has thoroughly owned an enterprise building management network in a free assessment designed to publicise the horrid state of embedded device security.
The IBM X-Force team of Paul Ionescu, Jonathan Fitz-Gerald, John Zuccato, and Warren Moynihan, along with Akamai engineer Brennan Brazeau, conducted the test on an unnamed business with multiple offices.
The team owned several buildings through the internet-facing building automation system which sported a controller, sensors, and thermostats.
“[We could] take control of the individual building system, but also gain access to a central server … which could extend control to several other geographically dispersed buildings,” the team wrote in areport (PDF).
The hackers say they found exposed administration ports in the company’s first building, gaining access to a D-Link panel enabled to allow remote monitoring, and an environmental reporting web server used by the building controller device. For the full article click here
from hacker samurai http://ift.tt/20XcR4F
via IFTTT
No comments:
Post a Comment