December 22, 2021

Lights Out: Cyberattacks Shut Down Building Automation Systems

A building automation engineering firm experienced a nightmare scenario: It suddenly lost contact with hundreds of its building automation system (BAS) devices — light switches, motion detectors, shutter controllers, and others — after a rare cyberattack locked the company out of the BAS it had constructed for an office building client.

The firm, located in Germany, discovered that three-quarters of the BAS devices in the office building system network had been mysteriously purged of their “smarts” and locked down with the system’s own digital security key, which was now under the attackers’ control. The firm had to revert to manually flipping on and off the central circuit breakers in order to power on the lights in the building.

The BAS devices, which control and operate lighting and other functions in the office building, were basically bricked by the attackers. “Everything was removed … completely wiped, with no additional functionality” for the BAS operations in the building, explains Thomas Brandstetter, co-founder and general manager of Limes Security, the industrial control system security firm that the engineering firm contacted in October in the wake of the attack.

Brandstetter’s team, led by security experts Peter Panholzer and Felix Eberstaller, ultimately retrieved the hijacked BCU (bus coupling unit) key from memory in one of the victim’s bricked devices, but it took some creative hacking. The engineering firm then was able to reprogram the BAS devices and get the building’s lighting, window shutters, motion detectors, and other systems back up and running.

But the attack was no anomaly. Limes Security has since been getting reports of similar types of attacks on BAS systems that run on KNX, a building automation system technology widely deployed in Europe.

Keep reading on DarkReading.com

