Black Hat Europe 2025: Was that device designed to be on the internet at all?

This presentation from Black Hat Europe 2025 highlights a critical security concern regarding modern building infrastructure. The core message emphasizes that many contemporary structures rely on outdated systems that were never designed to be internet-facing. These legacy components introduce significant vulnerabilities within otherwise polished environments. Security professionals must recognize that physical building systems often lack modern security controls, creating easy entry points for potential adversaries. The severity lies in the widespread nature of this issue across various industries utilizing smart building technologies. Mitigation strategies should focus on network segmentation, rigorous asset inventory, and isolating legacy systems from public networks. Organizations are urged to audit their operational technology environments immediately. While no specific threat actor or malware is identified, the systemic risk poses a high potential for compromise. Proactive defense measures are essential to prevent exploitation of these inherent design flaws in modern infrastructure.

Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found

This presentation from Black Hat Europe 2025 highlights a critical security concern regarding modern building infrastructure. The core message emphasizes that many contemporary structures rely on outdated systems that were never designed to be internet-facing. These legacy components introduce significant vulnerabilities within otherwise polished environments. Security professionals must recognize that physical building systems often lack modern security controls, creating easy entry points for potential adversaries. The severity lies in the widespread nature of this issue across various industries utilizing smart building technologies. Mitigation strategies should focus on network segmentation, rigorous asset inventory, and isolating legacy systems from public networks. Organizations are urged to audit their operational technology environments immediately. While no specific threat actor or malware is identified, the systemic risk poses a high potential for compromise. Proactive defense measures are essential to prevent exploitation of these inherent design flaws in modern infrastructure. Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found