Smart Buildings

Giving Greater Significance To The Threat Of Cyber Attacks On Smart Buildings

"Technology is changing the most fundamental truth about commercial real estate, that value is based solely on location,” according to Deloitte. Offering a workplace in a good location is no longer enough to attract the top tenants, nor is it enough for those organizations to entice the best talent. Leading companies and their workers are increasingly demanding smarter offices. “The Internet of Things (IoT) is now fostering new avenues of value creation for customers, greater differentiation from competitors, and fresh sources of revenue for commercial real estate through the collection and use of information,” Memoori discussed in April last year, within an article entitled ‘3 New Rules of Real Estate: Information, Information, Information.’ As such, commercial buildings have become the highest users of IoT technology, according to Gartner, and our own research projects that the combined global market for the IoT in Buildings will grow from its $26.65Bn level in 2015 to $75.5Bn by 2021, […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

"Technology is changing the most fundamental truth about commercial real estate, that value is based solely on location,” according to Deloitte. Offering a workplace in a good location is no longer enough to attract the top tenants, nor is it enough for those organizations to entice the best talent. Leading companies and their workers are increasingly demanding smarter offices.

“The Internet of Things (IoT) is now fostering new avenues of value creation for customers, greater differentiation from competitors, and fresh sources of revenue for commercial real estate through the collection and use of information,” Memoori discussed in April last year, within an article entitled ‘3 New Rules of Real Estate: Information, Information, Information.’

As such, commercial buildings have become the highest users of IoT technology, according to Gartner, and our own research projects that the combined global market for the IoT in Buildings will grow from its $26.65Bn level in 2015 to $75.5Bn by 2021, at a CAGR of 20.7%. IoT devices and infrastructure provide a host of benefits but with that also comes vulnerability to cyber attack.

In early 2017 the Romantik Seehotel Jaegerwirt, a 4-star hotel in Austria, was the victim of cyber attack. The hackers managed to disable the hotel’s electronic key system thereby locking guests in or out of their rooms, as well as disrupting the hotel’s reservation and cash desk systems. The cyber criminals then demanded a €1500 ransom for undoing the damage that had brought the facility to a standstill.

“The hotel was totally booked with 180 guests. We had no other choice. Neither police nor insurance companies can help you in these circumstances,” the hotel’s managing director said when justifying their decision to pay the ransom.

In the US, market leading InterContinental Hotels Group Plc annouced that 1,200 of its franchises - including the Holiday Inn, Crowne Plaza, Hotel Indigo, Candlewood Suites and Staybridge Suites - were victim of a prolonged cyber attack aimed at obtaining customer payment card data. “The breach lasted a month,” said InterContinental spokesman Neil Hirsch, who did not clarify the financial impact or whether losses were covered by insurance.

It is not just the hotel industry that has suffered the effects of cyber attack on smart building systems. A massive data theft at the US retail giant, Target, all started with hackers finding their way into the firm’s network using the access credentials of a company that remotely maintained the retailer’s heating, ventilation and air conditioning (HVAC) system - as we reported in an article named, ‘The Very Real Cyber Security Threat in Smart Buildings.’

Very recently, researchers at IoT security firm Senrio discovered a serious flaw in a commonly used code library known as gSOAP. Named ‘the Devil's Ivy flaw’, it has exposed millions of IoT devices, such as security cameras, to a remote attack. Senrio found the issue when testing the remote configuration services of the M3004 dome camera from Axis Communications. They were then able to reboot the camera, change network settings, block the owner from viewing the video feed, and even reset the camera to factory default - allowing them to change the credentials, and gain exclusive access to the camera feed.

Senrio, estimates there are approximately 14,000 Axis cameras exposed on the internet. Axis Communications confirmed that 249 of its 251 surveillance camera models were affected by the flaw, tagged as CVE-2017-9765. On July 10th it released a firmware update to address the issue.

"Products exposed and accessible from public Internet (via router port-forward or UPnP NAT) are at much higher risk and need immediate attention," Axis notes in its advisory, which also states that it believes the risk is "limited" for cameras behind a firewall.

Be it Devil’s Ivy, WannaCry, ExPetr or Mirai, cyber attacks on IoT devices and smart building systems are increasing. Before racing into the connected, cyber physical world, organizations need to seriously consider the vulnerability they open up and whether benefits justify that risk. Those benefits maybe to hard to ignore but the same mentality must be given to the threat of cyber attack.

As mentioned in our recent report ‘Cyber Security in Smart Commercial Buildings 2017 to 2021’: “This rise of the IoT offers up tangible business benefits and tantalizing new opportunities for innovative business approaches, but these need to be carefully weighed up against the potential risks of increased cyber security vulnerability.”

[contact-form-7 id="3204" title="memoori-newsletter"]

Most Popular Articles

Schneider Electric Smart Buildings 2023
Smart Buildings

Schneider Electric Smart Buildings Business & Financials 2023 Examined

In this Research Note, we examine the Smart Buildings business of Schneider Electric, based on their 2023 Full Year Results, presentations, Q3 and Q4 earnings calls. Significant partnerships, acquisitions and divestments in the smart buildings space are also highlighted throughout 2023. Schneider Electric Energy Management Division The Buildings end market of Schneider Electric is addressed […]

ABB Smart Buildings 2023
Smart Buildings

ABB Smart Buildings Business 2023 Examined

In this Research Note, we examine the Smart Buildings business of ABB, based on their February 2024 Factsheet and building automation portfolio, acquisitions, divestments and investments throughout 2023. This article updates our 2022 Examined article published in March 2023 and the Capital Markets Day update for Smart Buildings in December 2023. The Smart Buildings division, […]

UK Green Building Council Progress Report
Energy

“Our Industry is Not Moving Fast Enough” – UK Green Building Council

The United Kingdom (UK) is falling behind in its projected green building roadmap according to the UK’s Green Building Council’s (UKGBC) progress report. The initial 2021 roadmap demanded a 19% drop in emissions over the past four years but the latest data shows just a 13% fall, more than 30% short of the target reduction. […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy