Black Hat Europe 2025: Was that device designed to be on the internet at all?

This Black Hat Europe 2025 talk addresses the security risks associated with internet-connected devices embedded within modern building infrastructure. Researchers highlight that behind the facade of modern architecture, numerous outdated systems and devices contain unpatched vulnerabilities that were not designed with internet connectivity in mind. These building automation systems, including HVAC, lighting, and access control systems, represent an expanding attack surface. The presentation emphasizes the need for organizations to inventory connected devices, implement network segmentation, apply security patches, and reconsider which devices truly require internet connectivity to reduce exposure to potential exploitation.

Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found

This Black Hat Europe 2025 talk addresses the security risks associated with internet-connected devices embedded within modern building infrastructure. Researchers highlight that behind the facade of modern architecture, numerous outdated systems and devices contain unpatched vulnerabilities that were not designed with internet connectivity in mind. These building automation systems, including HVAC, lighting, and access control systems, represent an expanding attack surface. The presentation emphasizes the need for organizations to inventory connected devices, implement network segmentation, apply security patches, and reconsider which devices truly require internet connectivity to reduce exposure to potential exploitation. Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found