10.11.2021, 20:40
(10.11.2021, 14:12)Erwin van der Zwart Wrote: For those who have missed the news article of knx.org: https://www.knx.org/knx-en/for-professio.../index.php
What is missing in this message is what the hackers are doing at this moment, and why it is so critical to close port 3671 for public access.
Currently hackers are scanning for open ports to unprotected KNX installations and when found they scan for all the bus devices from any brand/manufacturer and delete the programming of the device, next to that they enable the BCU password on the affected devices and make it impossible to re-program the device. In theory this means the device is locked and must be replaced.
As you understand this brings high costs for labor and hardware and the original latest programming must be available. Last week there are several cases i have heared of in different countries and different product ranges/manufacturers.
This is why we keep pushing for avoiding open ports as this is a quick and dirty approach and put you and your customers at high risk for these threats.
For remote access use appropiate measurements like VPN and KNX IP secure and move away from the dangerous port forwarding method!
Confirmed..... Avoid the opening of the port 3671 on the client router. It is very dangerous.