Wednesday, February 6, 2013

Vulnerability Lets Hackers Control Building Locks

A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers.

The vulnerability in the Tridium Niagara AX Framework allows an attacker to remotely access the system’s config.bog file, which holds all of the system’s configuration data, including usernames and passwords to log in to the framework and control systems managed by it. 

Billy Rios and Terry McCorkle, noted security researchers with Cylance, who have found numerous vulnerabilities in the Tridium system and other industrial control systems in the last two years, demonstrated a zero-day attack on the system at the Kaspersky Security Analyst Summit on Tuesday. The attack exploits a remote, pre-authenticated vulnerability that, combined with a privilege-escalation bug, gave them root on the system’s platform, which underlies the devices.

“The platform is written in Java, which is really, really good from an exploitation standpoint,” Rios said. “Once we can own the platform, a lot of the other stuff is very, very straightforward [to attack].” 

The vulnerability allows them to get root on what Tridium calls its SoftJACE system — basically a Windows system with a Java virtual machine and the Tridium client software running on it — as well as all of the company’s embedded software. 

McCorkle said they developed a backdoor module to maintain a foothold on the system once they had access to it, but won’t be releasing it publicly. 

A Tridium spokesman said the researchers notified the company about the vulnerability last December and that it has been working on a patch to fix the vulnerability, which it expects to release this month.

“We will be issuing a security patch that resolves the problem by Feb. 13 and are alerting our user community about this today,” spokesman Mark Hamel said in a statement. “The vast majority of Niagara AX systems are behind firewalls and VPNs — as we recommend — but clearly, as Rios and McCorkle have shown, there are many systems potentially at risk.” 

Such systems normally would be protected if they were not connected to the internet or to other systems that are connected to the internet, but as Rios and McCorkle pointed out in their demonstration, Tridium’s own product documentation for the system touts the fact that it’s ideal for remote management over the internet. 
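The two exposure problems described above, a configuration file containing credentials that can be fetched remotely and management interfaces reachable from the internet, are both visible in a web server's access log. The following is an added example, not code from the article or from Tridium: it triages constructed log lines and flags any request for config.bog (the URL path is an assumption; the article names only the file) and any request that does not originate from an assumed management network.

```python
import ipaddress
import re

# Combined/common log format, enough for source IP, method, path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed: the building's management VLAN; anything else reaching the web UI is suspect.
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Assumed file name to watch for; the article names config.bog but not its exact URL path.
SENSITIVE_FILES = ("config.bog",)


def is_management_source(ip_text):
    """True when the client address is inside an allowlisted management network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in MANAGEMENT_NETS)


def triage(log_text):
    """Return one finding per suspicious request: (ip, path, status, reasons)."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; keep going
        ip, path, status = m["ip"], m["path"], int(m["status"])
        reasons = []
        if any(path.split("?")[0].lower().endswith(name) for name in SENSITIVE_FILES):
            reasons.append("config-file-request")
            if 200 <= status < 300:
                reasons.append("served-with-2xx")  # the file actually left the box
        if not is_management_source(ip):
            reasons.append("source-outside-management-net")
        if reasons:
            findings.append((ip, path, status, reasons))
    return findings


# Constructed sample log lines (not real captures); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
10.20.0.5 - - [05/Feb/2013:10:01:12 +0000] "GET /login HTTP/1.1" 200 1510
10.20.0.5 - - [05/Feb/2013:10:01:40 +0000] "GET /file/config.bog HTTP/1.1" 200 88210
203.0.113.77 - - [05/Feb/2013:10:02:03 +0000] "GET /login HTTP/1.1" 200 1510
203.0.113.77 - - [05/Feb/2013:10:02:09 +0000] "GET /file/config.bog HTTP/1.1" 200 88210
"""
```

Calling `triage(SAMPLE_LOG)` yields three findings: the internal config.bog download, the external login, and the external config.bog download that combines both problems.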

“These boxes are designed to control 16 to 34 devices and they can be run in series so they’re designed to run a whole building,” McCorkle says. 

In a search of the Shodan search engine, Rios and McCorkle found some 21,000 Tridium systems visible over the internet.

Tridium systems are used to manage HVAC, lighting and security in a federal office building, and kitchen refrigeration in a hospital, among other things. 

Tridium’s website provides information on some of its customers through a number of published case studies. These indicate that the systems are used at a government office complex in Chicago that houses a number of federal agencies, including the FBI, the Drug Enforcement Agency, the U.S. Marshals Service, the IRS and the Passport Office.
