Before the term IoT was coined, building automation systems (BAS) – or building control systems (BCS) – were already around, allowing the facilities manager to monitor and control various types of equipment from a single console. Over time the BAS has become more sophisticated and manages intelligent subsystems such as fire safety systems, heating, ventilation and air conditioning (HVAC), elevators/escalators, lighting control systems and security systems. Today building IoT is predicted to be among the leading industries for IoT adoption according to IDC.
As smart buildings become the new norm, they have also attracted the attention of cybercriminals. Here is how cybercriminals target companies through their building automation systems and apps:
- Backdoor access to network: Probably the largest threat comes from hackers who gain access to a poorly secured building management system, or equipment software, and are then able to pivot onto a corporate network.
- Physical damage: Tampering with climate control, alarm system, elevators and fire alarms has consequences for the safety of the building’s occupants, as well as causing commercial damage.
- Physical access to a smart building: Remotely disabling the door locks and intrusion detection systems via vulnerabilities in the BACS or connected device software allows criminals to gain access to the building and the valuable property inside.
- Pirated software: Many building automation vendors are shifting their business to increased value services, leveraging the increased connectivity of their solutions. The software used to run those services can be copied by other sources, enabling competing businesses and eroding potential services revenue for the building automation systems vendor.
Cloakware: renewable security in depth that protects Connected Building platforms, apps and smart device software from the inside-out
The days of relying solely on perimeter security, where everything that runs inside the firewall or sandbox is implicitly trusted, are well over. In many IoT applications, more robust security is needed inside the software itself. Irdeto’s Cloakware is a defense-in-depth solution that consists of a set of anti-hacking technologies that add security to software platforms, apps and smart devices. It also prevents hackers from reverse engineering the device or application by using anti-debug, code transformations, white-box cryptography and other technologies. The secure code is generated with a changeable seed that can be renewed easily, creating new versions of the software to thwart differential analysis and collusion and increasing the hacker’s efforts over the long term. This makes the original code and data excessively costly to tamper with, and therefore reduces the scale of hackers’ profits.