https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

IIoT/Manufacturing


Getty Images

engineer at work

ICS Security Attack Enables Remote Control of Buildings

A demonstration at McAfee MPOWER highlighted the potential of adversaries to remotely control vulnerable ICS systems, with potentially grave consequences. 
  • Written by Brian Buntz
  • 7th October 2019

You can “[m]anage your entire central plant from one controller.”

That marketing boast refers to the capabilities of the enteliBUS control system from Delta Controls. 

It also illustrates why convenience, like complexity, has been dubbed enemies of security. 

The ease of use connected industrial systems offer can also make them a single point of failure in a cyberattack, potentially giving an adversary control over industrial and building assets. For instance, a hacker targeting such a system could dismantle an HVAC system’s heating or cooling during an extreme weather event. Such an ICS security exploit could also cause the temperature to spike in a manufacturing facility or a data center. Networked lighting and access control systems would also be fair game. Because the enteliBUS manager and other similar products are programmable BACnet controllers, potential targets of such systems could include virtually any enterprise or industrial environment housed within a building. A blog post from McAfee also points out that such BACnet systems are used to control the positive pressure room within a hospital. This room is responsible for stopping contaminants from entering operating rooms. 

On stage at McAfee MPOWER, Doug McKee, a senior security researcher at the company, showed off the potential of a zero-day exploit targeting the enteliBUS system in a live demo. “One of the things we were able to do is to exploit this vulnerability 100% remotely,” McKee said. 

[Industrial IoT World is the event where companies learn how to scale IIoT for integration, innovation and profit. Save $200 on your conference pass with VIP code “IOTWORLDTODAY.”]

Demonstrating the Damage

In an on-stage demo, McKee proceeded to demonstrate how easy it is to exploit the CVE-2019-9569 vulnerability, for which a patch is available. With a simulated data center that was rigged up for the event, McKee said an attacker using the exploit could control networked pumps, valves and fans in the imaginary data center’s HVAC system. 

A summary describing the ICS security vulnerability in the National Vulnerability Database also indicates that it could enable a hacker to cause a denial of service attack as well. The underlying problem that made the attack possible related to an inconsistency in managing network traffic created a buffer overflow, a vulnerability type the U.S. government documented in a 1972 Computer Security Technology Planning Study. According to Wikipedia, the first documented case of a buffer overflow attack occurring in the wild was in 1988. 

In the stage presentation at McAfee MPOWER, McKee showed how malware developed to exploit the vulnerability permitted him to toggle HVAC controls and an alarm on and off via a reverse shell. An alarm hooked up to such a system could be linked to a security information and event management system, or send an alert to a facilities manager via an SMS or email message. “With a few keystrokes, I can go ahead and turn on the alarm,” McKee said. Addressing McKee on stage, Steve Grobman, McAfee’s chief technology officer said: “Knowing your sense of humor, you would probably be sitting in the parking lot, and when the person who’s responsible for [the data center facility] drives in, you would probably turn the alarm back off.” 

But hackers could carry out more cunning attacks that accomplish more than just annoying maintenance and facilities management workers. For instance, for a liquid-cooled data center or any facility with a boiler room or a water-cooled HVAC system, an attacker could shut off networked pumps at will. “My HVAC back at home doesn’t use water pumps, but industrial systems do. And they’re providing critical cooling for mission-critical components,” Grobman said. 

After the pump demonstration, McKee went on to turn off the HVAC system’s damper to block airflow, followed by shutting off a valve. 

The vulnerability would also enable an attacker to manipulate data, changing temperature readings or other variables. 

Action at a Distance

Because the ICS security attack is exploitable over the internet, an adversary could essentially carry out such an exploit anywhere. According to a McAfee blog post, there were 1,600 enteliBUS Manager devices that displayed in an August search on the IoT search engine Shodan.io. A search for “eBMGR” on Oct. 4 turned up almost 500 such devices, with the bulk of them in North America. Shodan flagged a portion of those devices, however, as honeypots. A number of the eBMGR devices displaying on Shodan had version 3.40.571848 firmware installed, which was the vulnerable version McAfee exploited in its labs. Likely, devices using earlier firmware are also at risk. 

McAfee first shared its research regarding the eBMGR devices with Delta Controls on Dec. 7, 2018. Delta Controls responded to McAfee’s vulnerability disclosure within a matter of weeks and, as mentioned before, released a patch to address this exploit. “Once that patch was ready to go, they sent it back to us, and I personally verified it 100% remediates this vulnerability,” McKee said. 

Tags: Building automation Physical building security Smart factories IIoT/Manufacturing Security Smart Homes and Smart Buildings Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Supply Chain Analytics and IoT Loom Large in Wake of 2020 Disruption
    The COVID-19 crisis has made disruptive events par for the course. Supply chain analytics, digital twins and other tools have become key to understanding and predicting disruption.
  • IoT App Development Gets Agility Boost From Container Technologies
    IoT app development has clamored for greater agility, productivity and security. Container technologies can realize those benefits.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Securing IoT at the Edge Is Key to Safe IoT Operations
  • Industrial Transformation Faces Rocky Road in 2020
  • Adoption of the Internet of Robotics Things Accelerates
  • UV-C Lighting System Relies on Smart Building Automation

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Swiss-startup Airyacht is developing an eponymously named vehicle that it says will take the luxury-yacht experienc… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

@Tesla’s #Autopilot being investigated once again following fatal crash in Newport Beach, California. iotworldtoday.com/2022/05/23/tes…

23rd May 2022
IoTWorldToday, IoTWorldSeries

A new Kansas law will enable #driverless deliveries from @Walmart and its partner @Gatik_AI. #AVs… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

Access a world of opportunity in 2022 with @IoTWorldToday ➡️ Now is time to unlock ROI, by accessing a global com… twitter.com/i/web/status/1…

23rd May 2022
IoTWorldToday, IoTWorldSeries

3D Home Printer to Build 72 Residences for National Homebuilder dlvr.it/SQhWSF https://t.co/XJOs70DqzH

19th May 2022
IoTWorldToday, IoTWorldSeries

Microsoft Ramping up Cybersecurity Service Offerings dlvr.it/SQhPR0 https://t.co/nYzaDRnyVY

19th May 2022
IoTWorldToday, IoTWorldSeries

IoT Product Roundup: PTC, Nokia, Arm and More dlvr.it/SQhNNF https://t.co/ZApdw3RHdu

19th May 2022
IoTWorldToday, IoTWorldSeries

Britain’s postal service has plans to run a fleet of autonomous #drones to make rural postal deliveries easier.… twitter.com/i/web/status/1…

19th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X