Claroty Team82 warns of growing cybersecurity risks in legacy LonTalk protocols across BMS deployments

Staff Editor 2026-02-20
Claroty Team82 warns of growing cybersecurity risks in legacy LonTalk protocols across BMS deployments

Claroty Team82 warns of growing cybersecurity risks in legacy LonTalk protocols across BMS deployments

https://industrialcyber.co/threat-landscape/claroty-team82-warns-of-growing-cybersecurity-risks-in-legacy-lontalk-protocols-across-bms-deployments/

Publish Date: 2026-02-20 08:46:00

Source Domain: industrialcyber.co

Claroty’s threat research team, Team82, has uncovered fresh cybersecurity concerns tied to the LonTalk protocol, a foundational communication standard used deep within many building management and automation systems. Originally developed in the 1990s for isolated, serial device networks, LonTalk still exists in legacy BMS (building management systems) deployments even as modern systems migrate toward IP‑based architectures. As these older protocols are exposed to enterprise networks and the internet without adequate protection, they introduce a broad attack surface that malicious actors can exploit, especially given documented and undocumented security gaps and the end of dedicated silicon support for core components. 

Team82’s analysis highlights how the persistence of LonTalk in critical infrastructure such as HVAC (heating, ventilation, and air conditioning), lighting, energy controls, and other facility systems is creating real risk as digital integration accelerates, demanding renewed attention to hardening legacy protocols in operational environments.

“The LonTalk protocol is versatile, capable of operating over multiple physical topologies using media such as twisted pair wiring, power lines, and radio frequency,” Amir Zaltzman, senior vulnerability researcher at Team82, wrote in the Thursday blog post. “Later implementations standardized LonTalk over IP through the CEA-852 standard. Beyond data exchange, LonTalk provides network management and diagnostic services, enabling integrators to commission devices, assign addresses, monitor node status, and clear error logs directly through the protocol.“

The LonTalk protocol, developed in the early 1990s by Echelon Corp. of Massachusetts, was widely used for device-to-device communication in building automation and management systems, but it has largely been supplanted by the more modern and secure BACnet standard. Despite this, LonTalk remains embedded in many proprietary BMS…

Source

More Stories

Gaming soundbar can be hijacked from over 16 yards away without touch or pairing — the company allegedly refuses to label the blatant security flaw a cybersecurity risk

Gaming soundbar can be hijacked from over 16 yards away without touch or pairing — the company allegedly refuses to label the blatant security flaw a cybersecurity risk

Staff Editor 2026-06-06
White House EO Seeks Early Evaluation of Frontier AI Models

White House EO Seeks Early Evaluation of Frontier AI Models

Staff Editor 2026-06-06
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy