With buildings now increasingly connected to the outside world through a series of connected IoT devices, the risk of cyberattacks grows ever stronger. While smart buildings and the technology they employ represent the future of building management, they are something of a hacker’s dream.
What are Smart Buildings?
Over recent years, smart building technology has revolutionized building management. Almost all aspects of a building can now be managed remotely by an ever-growing network of sensors and computers. Everything from ventilation, elevators, air filtration systems to fire-detection systems, databases, and smart fridges can now be monitored and controlled remotely. This not only allows proactive management of facilities – detecting issues before they become bigger problems – but also helps meet environmental expectations. A smart building can, for example, detect the presence of inhabitants. This allows the automatic adjustment of systems like heating and lighting, reducing energy consumption drastically. They also allow the monitoring of airflow and people. This sort of proptech allows buildings to future-proof themselves in the wake of COVID-19. Smart buildings can control airflow and restrict or direct access, meaning future situations are able to be handled better.
Rise of Smart Building Cyber Attacks
Casting a shadow over the success of smart buildings is the rise of cyberattacks. According to Kaspersky and InfoSecurity Magazine (https://www.infosecurity-magazine.com/news/attacks-iot-devices-double-past/), attacks on devices used within smart buildings have almost doubled over a twelve-month period. In the last six months of 2020, around 639 million cyberattacks were detected by that organisation. In the first six months of 2021, this number had risen to over 1.5 billion. Once inside a building management system, hackers can remotely control any insecure system. With smart buildings being so inter-connected, this poses a significant risk.
Not only does it compromise the safety of sensitive company information held on databases and computers, but it can prove dangerous to the health and safety of inhabitants. Locking inhabitants in and out of rooms, for example, or manipulating the ventilation and heating systems dangerously. Other possible situations include the disabling of fire safety systems, something with life-threatening consequences. And this level of threat is no longer simply hypothetical Hackers have now been known to infiltrate hospital building management systems where they have held systems to ransom, delaying operations and causing widespread disruption. Another case from 2020 involved the hacking group REvil accessing before and after photographs of celebrities undergoing cosmetic surgery and issuing a ransomware attack.
How Hackers Access Smart Buildings
Smart buildings prove such an attractive target for hackers because of IoT (Internet of Things) devices. Using insecure IoT devices as points of access, cyberattackers can gain access to other systems within the building. As with all things, smart buildings are only as secure as their weakest link. Using the telnet protocol, SSH, and web channels, hackers compromise IoT devices, using them as launchpads for their cyberattacks. Once infiltrated, a smart building can be controlled by a hacker just as a facilities manager would. IoT devices are often used as a point of access for hackers because they don’t typically support endpoint security agents. They can also have default passwords to access administration services which can be easily Googled. Hackers go about this by using IoT and other weakly secured devices to detect login credentials and execute malicious code that compromises a building management software’s security. Hackers will often use whatever information they have discovered to create convincing phishing emails. By using company information gleaned from the attacks, these hackers will attempt to persuade individuals to reveal login credentials or other sensitive information.
The most basic security method includes changing the default password on all devices. This involves using a unique and unguessable password for each device. While using the same password for devices might be easier for facilities management, it also makes it easier for hackers. Implementing a segmentation technique is also vital to ensure security is never compromised. Segmentation ensures that multi-factor authentication or privileged access is required to access each system within a smart building. This ensures that, should a system – such as heating – become compromised, the hacker will not be able to access other systems connected within the building. Another factor to consider is human error. Breaches are often due to nothing more than people who access a system revealing credentials or leaving a system logged in when not in use. Company-wide awareness of the growing threat of cyberattacks is therefore vital.
Ultimately, the best way to prevent cyberattacks is to use a fully secured solution like Standard Access’ Digital Spine (https://standardaccess.co/watch-back-digital-spine-operating-system-for-smart-buildings/ ), preventing cyberthreats and ensuring devices cannot be used to access the system as a whole.
About Standard Access:
Established in 2014 by Damien Browne, Standard Access is the global leader in IoT digital spine secure data transmission for smart building technologies, providing solutions for contactless building access through the patented Sonic Handshake®, along with a suite of AI-enabled solutions for building owners/operators and their tenants. www.standardaccess.co