Researchers Demonstrate Malware that Hacks Smart Buildings

We’re not quite in the era of smart buildings yet, but we’re already seeing proof of how important it is to ensure they’re properly secured before they’re rolled out. No company wants to discover that their smart buildings have crippling security flaws after they’ve installed all of the technology; it has to be nipped in the bud long before the public even gets to look at it.

As such, it’s important that researchers put the security measures to the test before it’s released to the wild. There are people who practice cracking security for benevolent reasons, identifying flaws and backdoors for the purpose of warning the potential victims of their existence. These people typically create “proof of concept” malware: malicious code that would theoretically wreak havoc on a system if actually deployed yet contained within a controlled environment for demonstration purposes only.

What Was Found?

A research team recently performed a security test on a smart building system that’s currently in use today. They found eight means of attack, six of which were unknown, and two were known but undisclosed to the public.

One of the more worrying flaws the researchers found was the ability to control the security access of the smart building. The researchers created a 2MB malware program that would sneak in through security cameras with known IP security flaws. Once it was within the system, it would then chip away at the vulnerabilities of the network to get itself into the core.

Once the malware had established its grip, it could create a new user profile on the building’s whitelist and print out an access card, allowing anyone access to the entire building. It could also delete existing users, locking people out (or in!) the building until the problem is rectified. Even worse, the malware was designed to erase its own logs as it went and could embed itself into the system deeply enough to survive a reboot.

What Does this Mean for the Future?

These little tests are proof that smart city security needs to be solved before it’s rolled out for public use. With all these vulnerabilities found within a single smart building, can you imagine the damage this could do to a more complicated smart city? If smart traffic lights and transportation systems manage to get hacked, people could cause havoc at best, and terrorism at worst.

This is why it’s so important for smart cities to be developed slowly and surely. If development is rushed, and a crippling vulnerability is found after the smart city has been installed, it could cause wanton damage before it’s patched out. As such, before we can all hop into auto-driving cars to take us wherever we need to go, it must first be insured that nobody can gain access to the controls and cause havoc and injury.

Smartening Up Security

As we move toward the future of smart cities and buildings, it’s very crucial to ensure that it’s protected against attacks from outside forces. Failure to do so can cause widespread chaos and even injury! With the recent news of researchers finding vulnerabilities in smart buildings, it’s a reminder of how important it is to test these systems before they’re rolled out.

Are you confident in the ability to secure an entire smart city from vulnerabilities? Let us know below.