August 10, 2019 2:00 PM
Building Automation Systems control functions such as air conditioning, access control, and video surveillance in critical facilities such as data centers and airports. With the advent of the IoT, sensors, controllers and many other devices (e.g., surveillance cameras) are available in consumer shops and are being integrated into new and existing smart buildings. These devices are much cheaper than industrial controllers and far easier to install, but they often lack security features and vulnerabilities are discovered with increasing frequency. In addition, bad security practices such as simple or default credentials, unencrypted traffic and lack of network segmentation remain common. In this presentation, we discuss the results of research conducted at Forescout in the past 2 years, including: an analysis of the security landscape for smart buildings with industrial controllers and IoT devices; the development of a proof-of-concept malware using newly discovered and previously known vulnerabilities; and a description of how this can be used by malicious actors in emerging attack scenarios.
Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features for network security monitoring.