5 Features of BACnet That Are Vulnerable

BACnet vulnerabilities are real. Here are the features to be aware of.
- UDP Vulnerability
BACnet uses UDP as the transport layer of its Ethernet messaging system. UDP does not use acknowledgements: packets are sent and assumed to have arrived. This could be a dangerous assumption if the packets are critical alarms.
- Lack of Encryption
Almost no products on the market support encryption. Devices already in service that use BACnet and do not support encryption are especially vulnerable, since the manufacturer might not provide (or be able to provide) firmware updates.
- Obsolete Operating Systems and Firmware
Devices already in service using BACnet may be using operating systems whose encryption has been hacked or which have other vulnerabilities. The same risk applies to firmware. Hacked firmware or firmware with known vulnerabilities may already be in service.
- Poor Implementations
Each vendor may have implemented the protocol as an independent project using their own standards, design, skills, quality assurance and testing systems. Some have done a poor job. For example, one manufacturer allows a single broadcast message to delete the configuration and then restart the device. This is a severe risk.
- Open Source Implementations
Many vendors have used the open source stack. There are a number of known vulnerabilities in various versions, and those vulnerable versions may be in service in currently installed devices.
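
Added example (not from the original article or any vendor's code), going one step beyond the UDP point above: BACnet defines both a ConfirmedEventNotification, which the receiver must acknowledge, and an UnconfirmedEventNotification, which it does not, so a useful check is to find alarms still being sent unconfirmed. The Python below classifies BACnet/IP UDP payloads using header layouts and service numbers from the BACnet standard; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# Service-choice numbers from the BACnet standard (ASHRAE 135).
CONFIRMED_EVENT = 2    # ConfirmedEventNotification: receiver must answer with an ACK
UNCONFIRMED_EVENT = 3  # UnconfirmedEventNotification: sent once, never acknowledged

def classify(datagram: bytes) -> str:
    """Label one BACnet/IP UDP payload by how it delivers an alarm, if it carries one."""
    if len(datagram) < 4 or datagram[0] != 0x81:       # 0x81 = BVLC type for BACnet/IP
        return "not-bacnet-ip"
    function, length = struct.unpack("!BH", datagram[1:4])
    if length != len(datagram):
        return "malformed"
    if function not in (0x04, 0x09, 0x0A, 0x0B):       # only these BVLC functions carry an NPDU
        return "other"
    offset = 10 if function == 0x04 else 4             # Forwarded-NPDU adds a 6-byte origin address
    try:
        version, control = datagram[offset], datagram[offset + 1]
        offset += 2
        if version != 0x01:
            return "malformed"
        if control & 0x80:                             # network-layer message, no APDU
            return "other"
        for bit in (0x20, 0x08):                       # DNET then SNET: net(2) len(1) addr(len)
            if control & bit:
                offset += 3 + datagram[offset + 2]
        offset += 1 if control & 0x20 else 0           # hop count follows when DNET is present
        apdu = datagram[offset:]
        if apdu[0] >> 4 == 1:                          # Unconfirmed-Request PDU
            return "alarm-unconfirmed" if apdu[1] == UNCONFIRMED_EVENT else "other"
        if apdu[0] >> 4 == 0:                          # Confirmed-Request PDU
            service = apdu[5] if apdu[0] & 0x08 else apdu[3]  # segmented: 2 extra header bytes
            return "alarm-confirmed" if service == CONFIRMED_EVENT else "other"
    except IndexError:
        return "malformed"
    return "other"

def unconfirmed_alarms(datagrams):
    """Indexes of datagrams that carry an alarm with no application-level acknowledgement."""
    return [i for i, d in enumerate(datagrams) if classify(d) == "alarm-unconfirmed"]

def frame(function: int, body: bytes) -> bytes:       # helper used only to build the samples
    return struct.pack("!BBH", 0x81, function, 4 + len(body)) + body

# Constructed sample payloads: header bytes only, with zero filler in place of real alarm data.
SAMPLES = [frame(0x0B, bytes.fromhex("01001003") + bytes(4)),          # broadcast, unconfirmed event
           frame(0x0A, bytes.fromhex("010400050102") + bytes(4)),      # unicast, confirmed event
           frame(0x0B, bytes.fromhex("0120ffff00ff1008")),             # routed Who-Is
           frame(0x0B, bytes.fromhex("0120ffff00ff1003") + bytes(4))]  # routed, unconfirmed event
```

Run over UDP payloads extracted from a capture of building-network traffic, `unconfirmed_alarms` lists the alarm messages whose loss the sender would never notice.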