CYBERSEC 2022 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree
Chicoyama is a security researcher at Trend Micro/TXOne Networks. Chicoyama has been working for over a decade in the security industry. She previously had developed forensic tools, then shifted the research focus on IoT and ICS related products and protocols. Chicoyama is currently working on ICS vulnerability research and has been credited for multiple ICS-CERT advisories.
#
Nowadays heating, ventilation, and air conditioning (HVAC) system are indispensable in many places, such as hospitals, factories, office buildings and even in residentials. Most of HVAC systems have a Human Machine Interface (HMI) and can be easily managed remotely. While convenience is improved, the security of HVAC control systems is often neglected.
This time, we have investigated popular HVAC control systems that have web-accessible HMIs. During our research, some products were found to be vulnerable to attacks such as credentials disclosure and privilege escalation. Furthermore, many of them could be found on the Internet. Since HVAC control systems are usually connected to other building systems and facility equipment, if HVAC control system is taken over, other systems would be attacked easily. In this session, we will introduce possible attack scenarios and how to mitigate these attacks.