IBM’s X-Force team hacks into smart building

As buildings get smarter and increasingly connected to the Internet, they become a potential vector for attackers to target.

IBM’s X-Force ethical hacking team recently ran a penetration test against a group of office buildings using building automation systems that controlled sensors and thermostats.

In this particular case, a building management company operated more than 20 buildings across the United States, as well as a central server.

Without any social engineering, or online data gathering about employees, the team targeted one building.

“We did it old-school, just probing the firewall, finding a couple of flaws in the firmware,” said Chris Poulin, research strategist for IBM’s X-Force. “Once we had access to that, we had access to the management system of one building.”

To read this article in full or to leave a comment, please click here