Cybersecurity Videos

All News Deals Social Blogs Videos Podcasts Digests

Cybersecurity Defense

SecTor 2025 | When Hackers Meet Burglars

•May 19, 2026

Black Hat

Black Hat•May 19, 2026

Why It Matters

As physical systems become networked, cyber intrusions can cause immediate real‑world harm—disrupting safety, operations and revenue—so building owners, vendors and security teams must prioritize OT exposure reduction, patching, access controls and integrated defense. Failure to do so leaves critical infrastructure and occupants vulnerable to costly, disruptive attacks.

Summary

Amir, an offensive security specialist, warned that cyberattacks on smart buildings are rising and shifting from data theft to operational disruption—so-called “siegeware”—citing breaches ranging from Target’s HVAC-supply-chain intrusion to recent ransomware and denial-of-service incidents that shut down hotels, schools, and apartment operations. He defined smart buildings as interconnected HVAC, elevators, cameras and access systems controlled by building automation systems (BAS), and showed how many BAS and OT devices are exposed online and often unpatched or using default credentials. Red teams exploit these weaknesses through internet reconnaissance (Shodan), public documentation, misconfigured remote access, Wi‑Fi scanning and physical social engineering to map and infiltrate building networks. The talk concludes by shifting to defensive measures, arguing that security must be built into smart buildings from the start rather than retrofitted afterward.

Original Description

Smart buildings blur the line between IT and physical infrastructure, connecting HVAC, lighting, access control, elevators, cameras, and more under a single "brain" called a Building Automation System (BAS). Drawing on real engagements against Canadian smart building deployments, this talk guides you through a red teaming exercise that uncovers both digital and physical attack paths. You'll see how attackers gather intel, probe entry points, exploit insecure IoT protocols, and seize control of critical systems. We'll examine live scans, protocol abuse and real world video demos.

Finally, we will flip to defense mode, offering a practical blue team playbook. Attendees will leave with an actionable framework rooted in Canadian field experience, for both offensive engagements and OT focused defenses.

By: Amir Hosseinpour | Offensive Security Specialist, White Tuque

https://blackhat.com/sector/2025/briefings/schedule/index.html#when-hackers-meet-burglars-red-teaming-the-smart-building-47597

Comments

Want to join the conversation?

Loading comments...