Buildings are becoming increasingly smarter and even more networked than ever before. Gone are the days when a building is simply an electrical system with Wi-Fi capabilities. Now, network connectivity forms a vital part of the function of modern buildings. And while this new era of connectivity has helped to make working spaces more responsive and intelligent, it has also opened these systems up to danger. That’s exactly why Q-Net Security is sharing more information on cybersecurity and the building automation industry below:

Any Smart Device is Vulnerable to Attack

From automated locks to climate control systems and networked medical devices, critical functions of buildings are now network-enabled. Imagine, in the wake of a hack, a hospital that loses access to their prescription database, and delays life-critical medication. Or even worse, imagine actual monitoring or healthcare devices being taken offline. Outside of these particularly grim healthcare visions, a mere office building being taken offline results in an almost complete halt to work until the problem is fixed.

Target: A Real-World Example

According to Computerworld, Target was hacked back in 2014 when cyber criminals entered their network through the HVAC system. “In Target's case, hackers stole login credentials belonging to a company that provides it HVAC services and used that access to gain a foothold on the company's payment systems.” They were ultimately able to steal data on 40 million credit and debit cards since the HVAC firm had remote access to Target. So it’s critical to know who has access to your building and what devices are connected to the Internet.

Over 100 Vulnerabilities Identified in 2019

In 2019, it was announced that a researcher discovered 100 vulnerabilities in building management and access control systems from several key vendors.

“The vulnerabilities include default and hardcoded credentials, command injection, cross-site scripting (XSS), path traversal, unrestricted file upload, privilege escalation, authorization bypass, clear-text storage of passwords, cross-site request forgery (CSRF), arbitrary code execution, authentication bypass, information disclosure, open redirect, user enumeration, and backdoors.”

These were marked as critical, meaning that they could potentially give hackers full control if they desired it. The researcher, Gjoko Krstic, said “an attacker can conduct a wide range of activities after hijacking the vulnerable systems, including trigger alarms, lock or unlock doors and gates, control elevator access, intercept video surveillance streams,” and so on.

Cyber Threats are Here to Stay

If the recent hackings from 2020 and 2021 prove anything, it’s that cyber threats aren’t disappearing anytime soon. While it may just look like another expense, a long-term investment in cybersecurity really pays off. With Q-Net's hardware security (the Q-Box), we can protect smart devices from outside interference. The segmentation of the network using our devices can even limit the spread of malware in IT systems (traditional computers). Finally, our devices can be integrated directly into the building, and can enable wireless security that is just as secure as hardwired solutions. This lowers building costs and retrofits by helping to "cut the cable" without compromising security.

All in all, your building is far more secure when utilizing Q-Net Security’s Q-Box than with any software solution available on the market. Our hardware system delivers quantum compute-resistant encryption, is decentralized for robustness, and renders network nodes invisible to attackers.

For more information, please visit or contact us today at [email protected].