Cybersecurity Information Sharing Information Technology

FBI Warns Unsecure Communication Port Leaves Buildings Vulnerable to Cyber Attacks

December 29, 2018

A commonly used communication port for building control systems leaves their system data vulnerable to cyber attacks from hackers, according to an FBI industry advisory obtained by Cyberscoop. As cyber threats and attacks become more diverse against Internet-connected buildings, the use of Port 1911, also known as the Fox Protocol, has shed light on a cybersecurity issue that threatens businesses, universities and other private-sector entities across the country and around the world.

“This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against known exploits,” the FBI alert says, according to Cyberscoop. “Successful exploitation could lead to data leakage and possible privilege escalation.”

The port was developed by Richmond, Va.-based Tridium Inc., which has connected to more than 11 million devices around the globe, and developed the groundbreaking Niagara Framework allowing “plant managers to view video streams, high-rise superintendents to operate air conditioners and elevators, security officials to track personnel inside U.S. military facilities, and nurses to monitor medical devices in hospitals,” according to the Washington Post.

It is not clear if any systems have yet been compromised, although security issues with the Fox protocol can be traced back to 2012, after Tridium’s Niagara was downloaded more than 300,000 times. In July 2012, the Department of Homeland Security issued an alert on Tridium’s cyber vulnerabilities.

Tridium said in a statement that the FBI advisory is outdated, and that it refers to “old vulnerabilities that were responded to and resolved with security updates and patches when they were first identified,” according to Cyberscoop. “We will continue to assess and test the effectiveness of our products and solutions.”

FBI warns industry that hackers could probe vulnerable connections in building systems https://t.co/AjPAhevWOS #hacking #cybersecurity #ITSEC

— Cadre Info Security (@CadreInfoSec) December 27, 2018

James Cullum

Multimedia journalist James Cullum has reported for over a decade to newspapers, magazines and websites in the D.C. metro area. He excels at finding order in chaotic environments, from slave liberations in South Sudan to the halls of the power in Washington, D.C.

See Full Bio

GAO: Report Highlights DoD Challenges in Counternarcotics Coordination and Effectiveness Assessment

Valens Global Launches New Practice Group to Tackle Digital Threats and Harness Opportunities

Heather Carr Spearheads Civilian IT Growth at Leidos as New Strategy Lead

Steven Hulsey Joins SAP in Managing Partner Role

GAO: Report Highlights DoD Challenges in Counternarcotics Coordination and Effectiveness Assessment

DHS FY25 Budget Proposal: Seeking Resources to Enhance Homeland Security

DHS Launches “Know2Protect” Campaign to Combat Online Child Exploitation

GAO: DHS Streamlines Internal Collaboration to Enhance Information Sharing and Threat Response

FBI Warns Unsecure Communication Port Leaves Buildings Vulnerable to Cyber Attacks

Related Articles

OPINION: Countering Chinese Cyber Threats of Tomorrow Demands We Prepare Today

Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

DOD Cyber Officials Detail Progress on Zero Trust Framework Roadmap

LEAVE A REPLY Cancel reply

Latest Articles

OPINION: Countering Chinese Cyber Threats of Tomorrow Demands We Prepare Today

Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

DOD Cyber Officials Detail Progress on Zero Trust Framework Roadmap

Focus on New U.S. Maritime Cyber Security Regulations

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse