Fritzing all over

I've recently been awarded the pleasure of overseeing the technology upgrade of an HVAC control system from #iLON over to the #BACnet protocol in a large scale building.
Any one in the fediverse have any experiance dealing with the security (or lack there of) in the open protocol. from a quick search I find a few metasploit payloads available, but it seem like there is such low hanging fruit there is no need to exploit. just plug in and own the system.

Am I crazy? (rhetorical question, I am)

Jul 11, 2017 at 10:40pmWeb
Show threadFritzing all overJul 12, 2017

. @Fr1t2 found a #shmoocon video from 2013 discussing the vulnerable protocol with discussion of some python scripts to help pentest #BACnet, but alas no love with my searches. it appears this never went public.

certainly interesting at least that there is some interest in this attack vector. strange there is so little work being done here, publicly.

Show threadFritzing all overJul 12, 2017

@Fr1t2 also all packets are transported via UDP with 0 authentication.

seriously #BACnet is a hot mess