Blended Threats: Holding Buildings Hostage

In a blog post on 08 Aug, security researchers at SentinelLabs (@LabsSentinel; the Threat Intelligence and Malware Analysis team for @SentinelOne) wrote, “‘HDL Automation’ is an international tech company, whose core business is in the field of smart home, buildings, hotels and other intelligent control systems… HDL projects include smart controllers for lights, windows, cameras, and other sensor activation.” In their findings, the team shares a “unique dive into the world of smart devices and automation…” and “show how a hacker could remotely control/change arbitrary smart control systems and their configurations.” Important to note, SentinelLabs worked with HDL to properly disclose and address the vulnerabilities prior to publication and to sharing the findings at this year’s DEF CON.

At Gate 15, we spend a lot of time discussing Blended Threats. A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

Reading further in the post, the researchers detail some of the ways a nefarious actor could impact IoT devices from afar, including lights, temperature controls and security cameras. The post offers technical analysis and a number of interesting observations. Of particular interest as they relate to the idea of blended threats are two possibilities presented.

A well-coordinated attack could include the disabling of connected lights and security cameras prior to the conduct of a hostile event (i.e., active shooter). An already challenging response and potential investigation could be even further frustrated if physical attackers had support from remote attackers as well.

Less violent, but perhaps more interesting as we continue to observe ransomware actors develop new tactics, techniques and procedures to pressure victims into paying quickly: the post notes attackers could change “passwords to all accounts to be blocked only known by attacker and removing configuration (encrypting it beforehand so attacker can also use this as a kind of blackmail).”

Additionally, other potential physical damage is identified, including impacts to cooling and heating systems (which can be used to compromise evidence or research) and more.

We encourage you to read the complete post and find out more about the ways in which physical systems can be compromised. As we write this post, we continue to apply our threat-informed, risk-based approach to analysis, preparedness and operations, and we are working with partners to develop a series of workshops looking at a threat scenario not unlike some of the impacts detailed in the article. As the environment changes, our preparedness activities need to keep pace.

Understand the Threats. Assess the Risks. Take Action.

Understand the threats! Subscribe to our free daily paper and subscribe to our podcasts!

Take action! Our team is here to help you build the relationships and capabilities you need and to assist in the development of plans, training, and exercises to support your ability to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk to your organization in our complex, all-hazards environment.