Insights, Tips, and Trends for UK SMEs

Stay informed with practical advice on AI, automation, cybersecurity, and business efficiency

← Back to Insights

Building Automation Systems at Risk

5 min read • Cyber Security • 2025-02-24



Shodan Exposes Building Automation Systems

Back on Shodan again, this time highlighting the potential risks to Building Automation Systems (BAS). When I refer to BAS, I am talking about HVAC systems, lighting controls and security cameras—the essential infrastructure that keeps buildings running smoothly in the background.

These systems often use specialised protocols to communicate. Unfortunately, many of them—potentially all of those shown on the map below—are exposed to the public internet and are therefore vulnerable to cyberattacks.

Shodan Map showing exposed building automation systems in London

A visualisation of exposed building control protocols across the London area.

The Vulnerability Landscape

Public visibility for these systems raises serious questions. It is like leaving your apartment window wide open in a busy city: nothing might happen, but the risk is undeniably present. The primary threats include:

  • Unauthorised Access: An attacker could gain control and manipulate systems—tweaking HVAC settings in a skyscraper, disabling security cameras or impacting critical infrastructure.
  • Data Exfiltration: These systems store building occupancy logs and energy consumption metrics. A breach could lead to significant privacy violations.
  • Operational Disruption: Even without malicious intent, vulnerabilities can lead to malfunctions, power surges or access control failures.

Mitigating the Risks

These risks are manageable with proactive security measures:

  • Network Segmentation: Isolate sensitive systems from the open internet using a separate, secure network.
  • VPNs for Remote Access: Use encrypted tunnels to prevent unauthorised entry to underlying systems.
  • Firewall Management: Strictly configure gatekeepers to filter and restrict incoming traffic.
  • Patching: Keep specialised software up to date to address known vulnerabilities that are often overlooked.
  • Strong Authentication: Implement multi-factor authentication (MFA) and robust password policies.

Conclusion

The Shodan map of London serves as a vital reminder to be vigilant about securing connected infrastructure. Cyberattacks are becoming increasingly frequent, yet many can be avoided through the application of trusted cybersecurity procedures.

Is Your Building Infrastructure Exposed?

Don't wait for a disruption to secure your BAS. Use our free tools to check your public footprint or contact us for a professional audit.

Access Free Security Tools

Related Insights

Cyber Security Workshop at Co Accounting, Norwood

Cyber Security

Read Article →

Simplifying Security: Why Your SME Needs an All-in-One Cyber Solution

Cyber Security

Read Article →

Cyber Security for Small Business

Cyber Security

Read Article →

Ready to See AI in Action?

Book a free demo and discover how AI agents can transform your operations.

Book Your Free Demo Explore Services