Legacy Building Protocol Poses Growing Cyber Risk

Claroty's Team82 research unit is warning of increasing cybersecurity risks associated with the legacy LonTalk protocol, which is widely used in building management systems (BMS). The report highlights that these deeply embedded and often-overlooked systems in commercial and industrial facilities represent a significant and growing attack surface for critical infrastructure.

- The LonTalk protocol was developed by Echelon Corporation in the early 1990s and became a standard for building automation, used in functions like lighting, HVAC, and security systems. It is now recognized as the ISO/IEC 14908 standard.
- LonTalk was originally designed for isolated, serial device networks rather than modern IP-based networks, so it lacks the security features expected of contemporary network protocols. The protocol can operate over various media, including twisted-pair wiring, power lines, and radio frequency.
- A key component of early LonTalk systems was the "Neuron chip," a dedicated integrated circuit with three processors that implemented the protocol in hardware. This dedicated silicon was declared end-of-life in 2025, marking a shift to software-based implementations.
- The transition to carrying LonTalk traffic over IP networks (the CEA-852 standard) has significantly expanded the attack surface, exposing these legacy systems to modern network-based threats. Many of these IP-connected devices expose the LonTalk service on default ports and often use weak or default MD5 keys for whatever signature-based protection is enabled.
- While newer and more secure open standards like BACnet have largely supplanted LonTalk in new installations, it remains deeply embedded in many existing proprietary building management systems.
- The decentralized, peer-to-peer architecture of LonTalk, in which devices communicate directly without a central master, was innovative for its time but also complicates securing the network.
- Specific security risks include undocumented vulnerabilities in proprietary deployments of the protocol, which become exploitable as more building management systems are connected to the internet for cloud-based management.
- These vulnerabilities are not just theoretical; they pose a real risk to critical infrastructure in sectors like commercial real estate, data centers, and retail, where the BMS controls essential services.
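A defender-side exposure check, added here as an example and not taken from the Claroty report: it reads constructed flow-log lines and flags LonTalk/IP traffic that reaches a BMS host from outside its segment, or that appears on a segment where no LonTalk device is expected. It assumes UDP 1628/1629 (the IANA-registered EIA/CEA-852 ports) are the "default ports" the report refers to; the log format and the 10.20.0.0/16 BMS range are likewise assumptions.

```python
import ipaddress
from dataclasses import dataclass

# IANA-registered UDP ports for LonTalk over IP (EIA/CEA-852): 1628 normal, 1629 urgent.
LONTALK_IP_PORTS = {1628, 1629}

# Assumed BMS network segment (placeholder; the report names no specific range).
BMS_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed flow-log lines (not from the report): "<src_ip> <dst_ip> <proto> <dst_port> <bytes>"
SAMPLE_FLOWS = """\
10.20.5.17 10.20.5.18 udp 1628 412
10.20.5.17 10.20.5.18 tcp 443 9120
192.168.1.50 10.20.5.18 udp 1628 96
203.0.113.9 10.20.5.40 udp 1629 128
10.20.5.18 10.20.9.2 udp 47808 220
10.30.1.4 10.30.1.9 udp 1628 300
"""


@dataclass
class Finding:
    src: str
    dst: str
    port: int
    reason: str


def _inside_bms(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BMS_NETWORKS)


def find_exposed_lontalk(flow_text: str) -> list[Finding]:
    """Return LonTalk/IP flows that cross the BMS boundary or land outside it."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, port, _ = line.split()
        port = int(port)
        # Only LonTalk/IP datagrams are of interest; BACnet (47808) and others are skipped.
        if proto != "udp" or port not in LONTALK_IP_PORTS:
            continue
        if not _inside_bms(dst):
            # A LonTalk listener on an unexpected segment is an inventory gap worth investigating.
            findings.append(Finding(src, dst, port, "LonTalk/IP service outside expected BMS segment"))
        elif not _inside_bms(src):
            # Traffic from outside the segment means the service is reachable across the boundary.
            findings.append(Finding(src, dst, port, "LonTalk/IP on BMS host reached from outside the segment"))
    return findings
```

Feed the function real flow exports from the BMS perimeter firewall to confirm the segmentation the report recommends is actually in place.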


Shared from Scout - Be the smartest in the room.