KNX is the only worldwide recognized open standard for domestic and commercial building automation. It is a communication protocol with which home security, air conditioning, lighting and heating can all be centrally managed and controlled. KNX systems are often used for managing and securing large, expensive homes and high-end office buildings.
The KNX standard does not provide any form of authentication - and it is not even included in the design. KNX networks become vulnerable when they are connected to the internet. Hackers can easily access the network and control remotely.
17.444 vulnerable locations
We performed a security scan and found that worldwide there are 17.444 buildings that are relatively easy for a hacker to access and control, as their systems have been connected directly to the internet.
Germany and Spain are at the top of the list with 1.821 and 1.813 locations respectively. The Netherlands is third with 1.322 affected locations, with Amsterdam topping the list within our country with the most buildings with a KNX system.
Our security scan further showed that vulnerable building management systems based on the KNX standard can also be found in China, the United States and Russia.
How can you fix the vulnerability?
The KNX network becomes vulnerable when the internal network is connected to the internet. Users of KNX systems can fix the vulnerability relatively easily themselves by not opening up the port in the system or by adjusting the settings of the firewall.
It would seem that many KNX users as well as professional installers of KNX based systems are not yet fully aware of the risks and/or don't know how to safely install KNX devices.
knxscan.com online scan to check for vulnerabilities
Do you want to check whether your house or office building is affected by this vulnerability? Use the online tool www.knxscan.com we have developed based on our security scan to find out whether you need to take action. On the website you can get an instant report on whether your building is affected.
Read our press release here and here you can find out more about the site knxscan.com.