Researcher takes over hotel's light switches

Mar 14, 2016 18:08 GMT

Matthew Garrett, a famous programmer and major contributor to various Linux distros, has discovered for himself how dangerous IoT devices truly are these days.

While visiting London for the KubeCon conference, Mr. Garrett was staying at a local hotel. To his surprise, he discovered that his hotel had the bright idea of replacing all its light switches with Android tablets.

The hotel embedded them in the wall, allowing guests to control the room's lighting via touchscreen. A clever idea, but one that had the potential to go extremely wrong if proper security measures were not put in place. And they weren't. Otherwise, Mr. Garrett would not have penned a blog post about them, and we wouldn't have written this article in the first place.

The researcher discovered that some tablets were connected via Ethernet cables to sockets in the wall. Naturally, he created a transparent bridge, putting his laptop between the tablet and the socket, which allowed him to sniff the traffic exchanged on the network.

Tablets were using an insecure communications protocol

All the traffic used Modbus, a simple communications protocol that features no authentication. Using the pymodbus Python library, he was able to craft packets that looked like commands for the tablets in his room, but also for tablets in other rooms.

Mr. Garrett, who was staying in room 714, discovered that the tablet's IP was 172.16.207.14. The IP numbering scheme was simple, and he was able to guess the IPs for other rooms just by changing the last numbers of his own IP.
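The same weakness from the monitoring side, as an added example that is not from Mr. Garrett's post or the hotel's system: a Modbus/TCP request carries only a transaction ID, protocol ID, length, unit ID and function code, so the only place to decide who may send one is the network. The sketch below parses captured requests and flags any that do not come from an approved controller; the controller address, the second room address and the sample frames are constructed for illustration.

```python
import struct

# State-changing Modbus function codes (from the public Modbus specification).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the 7-byte MBAP header and function code; none of the fields
    identifies or authenticates the sender."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0, so not Modbus")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return {"transaction": tid, "unit": unit, "function": frame[7]}

def audit(flows, allowed_masters):
    """Return (src, dst, reason) for every request that a monitor should flag."""
    alerts = []
    for src, dst, frame in flows:
        try:
            pdu = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append((src, dst, f"malformed: {exc}"))
            continue
        if src not in allowed_masters:
            kind = WRITE_FUNCTIONS.get(pdu["function"], "read/other")
            alerts.append((src, dst, f"unapproved source, function "
                                     f"{pdu['function']} ({kind})"))
    return alerts

# Constructed sample capture: (source IP, destination IP, Modbus/TCP request).
# 172.16.207.14 is the room address from the article; the rest is made up.
CONTROLLER = "172.16.207.1"  # assumed address of the legitimate controller
SAMPLE = [
    (CONTROLLER, "172.16.207.14", bytes.fromhex("000100000006010100000008")),
    ("172.16.207.14", "172.16.208.3", bytes.fromhex("000200000006010100000008")),
    ("172.16.207.14", "172.16.208.3", bytes.fromhex("0003000000060105000aff00")),
    (CONTROLLER, "172.16.207.14", bytes.fromhex("0004000000090101")),  # truncated
]

if __name__ == "__main__":
    for alert in audit(SAMPLE, allowed_masters={CONTROLLER}):
        print(alert)
```

Because the protocol itself cannot tell senders apart, a source allowlist like this is only meaningful when paired with network segmentation that keeps room ports from reaching other rooms' devices.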

"It's basically as bad as it could be - once I'd figured out the gateway, I could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that I could control them as well," Mr. Garrett explained.

Before leaving, the researcher disclosed the issue to the hotel's IT staff, who promised to "do something about the issue."