Swedens largest newspaper Dagens Nyheter just revealed severe security breaches on buildings in Sweden not only apartment buildings but also police offices and other important builings have their systems open to internet.
The problem is that the building automation equipment is more and more sophisticated and unskilled personnel in combination with por design makes it hard to enforce any security.
End users need access to the washing booking systems o you open a web port on the firewall.
Operators need access to a ventilation unit.
Installers don’t know where to put the passwords so they leave the default ones.
In an average building today it is only a poorly configured internet modem/firewall that keeps the systems from being accessed from internet. And when several holes are drilled in it to gain access it is easy to gain access and control many of the systems.