Finland seems to be in new due recent house automation IoT security incidents. Slashdot tells that DDoS Attack Halts Heating in Finland Amidst Winter. Metropolitan.fi article DDoS attack halts heating in Finland amidst winter tells that a Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in eastern Finland. In both of the events the attacks disabled the computers that were controlling heating in the buildings (causing them to constantly reboot) thus disabling central heating and warm water circulation. The attacks lasted from late October to Thursday the 3rd of November.The incident was also covered by Etelä-Saimaa newspaper article “Hakkerit iskivät lappeenrantalaisen kiinteistön pannuhuoneeseen” and TiVi article “Verkkoisku kylmensi useita taloja Suomessa – ES: “Lämmitys ja kuuma vesi pois päält䔓.
The heating is now pretty important as Winter has came to Finland, so the temperatures outside are at freezing temperatures – well below zero degrees Celsius. Long-term disruption in heat will cause both material damage as well as the need to relocate residents elsewhere.
According to TiVi article ““Oli vain ajan kysymys” – suomalainen ennusti tuhoisien verkkoiskujen tulon jo 3 vuotta sitten” Professor at Aalto University Jukka Manner of Communications and Networking Department warned already in 2013 that there were approximately 3,000 automation devices connected network without any security. At that time the researchers submitted their report to the authorities in order to warn the owners of the equipment.
Finnish Communications Regulatory Authority Viestintävirasto has been after that been looking for unprotected automation systems on the network and notified owners of the dangers. At summer 2015 Finnish Communications Regulatory Authority Kyberturvallisuuskeskus (cyber security center) was still concerned about the large number of unprotected automation equipment – the numbers had not changed considerably from 2013 to 2015. The results were about the same in research done in 2016. Largest single group account for an ever associated with building automation systems, which were found unprotected around 2000.
According to YLE news article Viestintävirasto: Taloautomaatiojärjestelmiä kaataneen verkkohyökkäyksen takana oli rikollisia Finnish Communications Regulatory Authority estimates that the people behind Lappeenranta house automation systems cyber harassment were cyber criminals: “Our data show that the systems in question were not the actual objects in this case, but these have been used in the implementation of a network attack against European operator.” It seems that the heating control computers started again and again when the attack traffic in the affected their hardware performance too much. “The attack is carried out in such a way that it is controlled by attack traffic through a variety of vulnerable systems, and in this case, these systems have been such that they are used to control house automation. Due to the lack of performance of the system of systems breaking down, causing heat supply disruption.“
It seems that the problems in those cases are related to poor security coupled with poorly designed automation hardware implementation. Maybe the house automation companies should really start to think about security. Remote administration is in many cases a good thing, but only if the data security is not taken care of at a sufficient level. That was now a good warning of the vulnerability of in-securately networked society.
3 Comments
Tomi Engdahl says:
Cold apartment buildings unearthed more – Hackers strike heating
Last week, hackers interfered with two multi-storey heating system in a denial of service attack. However, cases have been significantly increased, and only a part is detected.
Lappeenranta attack suffer a system Fidelix installations. Fidelix equipment did not attack the target substance but rather a middleman, through which sought to drive traffic to the actual attack, as is typical botnet.
Real estate Computers jammed on restart a cycle, which is why the processes behind them have been stopped: This led to the interruption of the heating.
Fidelix Director General Antti Koskinen know that these cases are not the only of its kind.
“One can speak of dozens of cases,” Koskinen starts. “Some of the cases is not understood why the equipment capricious. In others, the attack is over before it has a direct harm, because behind the systems, the processes have not had time to suffer, when parents the threshold is not exceeded. ”
“However, in Finland there are hundreds of potential targets which attacks like this can be done.”
“Building Services is networked with good reason, because it facilitates the maintenance of real estate, for example, makes it possible to react quickly to unexpected problems. Unfortunately, the security and the perception of its importance drag behind, “Koskinen says.
“The problem is that the connection should be safe VPN’s using, but because it is one of the more complex maintenance process, it is often chosen a more direct route and is left deliberately ignored it the security side. It is not considered so important, and now it’s chosen easy road hits back”
“The situation is, however, clearly improving. The real estate sector measures have been taken several years ago, and currently is sold only secure connections, unless the customer one reason or another do not want to specifically otherwise.”
Finnish Communications Regulatory Authority has created guidance on how real estate security should be built from the start.
Source: http://www.tivi.fi/Kaikki_uutiset/kylmentyneineita-kerrostaloja-paljastui-lisaa-hakkerit-iskevat-lammitykseen-6598148
Tomi Engdahl says:
Instructions how to connect building automation safely:
https://www.fidelix.fi/tietoturvaohjeistus/
https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2016/11/ttn201611081338.html
Tomi Engdahl says:
Fidelix
https://www.fidelix.fi/