Bacteria : Attacking Bacnet In Modern Building Automation Systems

Building Automation (BA) systems control critical infrastructure in modern buildings,including HVAC, lighting, and access control, yet are often overlooked from a security perspective. At the heart of many BA networks lies BACnet, a communication protocol developed decades ago to facilitate interoperability between devices from different manufacturers. However, BACnet was not designed with security in mind and lacks core protections such as authentication and encryption. Nevertheless, it remains widely deployed in both commercial and industrial environments. This talk explores the design and security shortcomings of BACnet. It delve in the inherent security weaknesses of BACnet, emphasizing the protocol’s outdated design and the alarming number of devices that are publicly exposed to the internet. In addition, the talk will demonstrate concrete, real-world consequences of what can happen if a malicious actor gains access to a vulnerable BACnet network. Finally It critically evaluates the industry's proposed successor, BACnet Secure Connect (BACnet/SC). The second half presents BACteria a custom-built penetration testing tool designed to target BACnet environments. Featuring scanning reconnaissance, command injection, proxying, capabilities. The tool also offer an advance protocole-aware fuzzing module, enabling the discovery of novel vulnerabilities in embedded BA devices. This session aims to raise awareness about the real-world risks of insecure BA deployments and provide practical insights for researchers and defenders. Anonymous photo of AdriNels