Poor procedure for installing Building Management Systems (BMS) is making it easy for hackers to use the Internet of Things to tamper with the heating systems of schools – and also universities, government offices, military bases, fire stations, restaurants, retailers and businesses in general.
Due to general lack of authentication and low security settings, hackers have no difficulty in exploiting vulnerabilities in building control systems linked to the IoT – of which there are more and more around. Faults mostly stem from poor installation rather than faulty products – for instance when devices are left exposed on the public internet rather than isolated subnets. Or when factory default passwords are not changed upon installation. You know, the basics.
This threat is not exclusively confined to heating systems either. It can also affect door access controls, alarm systems, ventilation, air conditioning – anything managed remotely and automatically via internet connection. Experts recommend employing companies schooled in security best practice to undertake the original installation of the system and its subsequent management.