This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2019 Singapore ICS Cyber Security Conference! (View the full conference website here)

Don’t miss the hottest ICS cyber security event in the APAC region -  Register Now
Back To Schedule
Wednesday, April 17 • 9:20am - 9:55am
I Own Your Building (Management System)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Despite the rapidly growing deployment of IP-based technologies around us, the security of these deployments remains susceptible to basic cyber security attacks. What began as a small enumeration of the exposure of Security Access Control Platforms on several Internet-connected device search engines, grew into a research project covering several Building Management Systems (BMS) or Building Automation Systems (BAS) and its various sub-categories.

The execution of such attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-condition systems, windows blinds, cameras, boiler, PLCs, lights, alarm system in an entire building. In the case of this research, more than 10 million people could be affected by the findings presented.

This presentation discusses vulnerabilities found by Applied Risk research team across several BMS components and products from various vendors in the industry. Multiple vulnerabilities have been identified that could result in the total compromise of entire buildings and critical facilities (e.g. banks, hospitals, industrial facilities, government, residential…etc.).

In addition to the discovered vulnerabilities, the process we followed during our research will be discussed. Examples will be given for topics like:
  • Firmware analysis  
  • Device assessment

avatar for Gjoko Krstic

Gjoko Krstic

Senior ICS Security Researcher, Applied Risk
Gjoko is a Senior ICS/IIoT Security Researcher at Applied Risk in Amsterdam, The Netherlands. Gjoko has been active in the “security industry” for almost 15 years, holding experience in many fields in cybersecurity including: penetration testing, malware analysis, vulnerability... Read More →

Wednesday April 17, 2019 9:20am - 9:55am GMT+08
Stamford Ballroom