A security expert exploited a weak serial communications protocol used in a hotel where he was staying and found he was able to control every room’s light switches, TV, and curtains.
Matthew Garrett, a Linux and security expert, explains in a blog post that he was staying in a hotel while attending KubeCon in London, when he noticed something interesting: his hotel room used Android tablets instead of light switches, and two of the tablets next to the bed had Ethernet cables plugged into the wall.
Curious, Garrett borrowed some USB Ethernet adapters and used them to set up a transparent bridge. Analysis with Wireshark revealed that the traffic between the tablets and the wall was Modbus over TCP, a weak protocol that doesn’t require any authentication. Using pymodbus, the security expert was able to play around with his room’s lights, curtains, and TV.
It was then, however, that the expert noticed he was communicating with the IP address 172.16.207.14. He was staying in room 714, which matches the last three digits of that IP address.
At that point, the true meaning of his discovery came to him:
“It’s basically as bad as it could be. Once I’d figured out the gateway, I could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that I could control them as well.”
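For defenders, the two problems described above (a protocol with no authentication and a network where one room can reach every controller) can be monitored at the network layer. The following is an added example, not code from Garrett's post: it parses Modbus/TCP request headers and alerts when a client talks to a controller other than its own. The tablet address, the allow-list and the sample frames are constructed assumptions.

```python
import struct

WRITE_CODES = {5, 6, 15, 16}  # standard Modbus write function codes

def parse_adu(frame: bytes) -> dict:
    """Parse a Modbus/TCP request: 7-byte MBAP header, then the function code.
    Note what is absent: no field carries a credential or session token."""
    if len(frame) < 8:
        raise ValueError("truncated frame")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("length field mismatch")
    func = frame[7]
    return {"transaction": tid, "unit": unit, "function": func,
            "is_write": func in WRITE_CODES}

def review(events, allowed):
    """Alert on any request whose (source, controller) pair is not allow-listed."""
    alerts = []
    for src, dst, frame in events:
        try:
            adu = parse_adu(frame)
        except ValueError as exc:
            alerts.append((src, dst, f"malformed: {exc}"))
            continue
        if allowed.get(src) != dst:
            kind = "write" if adu["is_write"] else "read"
            alerts.append((src, dst, f"cross-room {kind} fc={adu['function']}"))
    return alerts

# Constructed policy: the tablet address is hypothetical; the controller
# address is the one quoted in the article.
ALLOWED = {"172.16.107.14": "172.16.207.14"}

# Constructed sample requests (read coils, write single coil, truncated).
READ = struct.pack(">HHHBBHH", 1, 0, 6, 1, 1, 0, 8)
WRITE = struct.pack(">HHHBBHH", 2, 0, 6, 1, 5, 0, 0xFF00)
SAMPLE = [
    ("172.16.107.14", "172.16.207.14", READ),      # own controller: allowed
    ("172.16.107.14", "172.16.207.15", READ),      # different controller, read
    ("172.16.107.14", "172.16.208.3", WRITE),      # different controller, write
    ("172.16.107.14", "172.16.207.14", READ[:5]),  # malformed
]

if __name__ == "__main__":
    for alert in review(SAMPLE, ALLOWED):
        print(alert)
```

Because the protocol itself cannot tell one client from another, the same allow-list is better enforced as per-room network segmentation or firewall rules, with monitoring like this as a backstop.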
Clearly, some prankster could use Garrett’s discovery to annoy the living daylights out of all of the hotel’s residents by turning everything on in the middle of the night.
But as noted by The Register, a more insidious character could leverage that level of control to infer who was in their rooms, knowledge which they could act upon if they were looking to break in and steal personal items while a room’s residents were away.
Garrett chose neither of these paths. Instead he alerted the hotel, the name of which he has intentionally withheld. The hotel’s staff, in turn, has reported that it is working on a fix for the issue.
These Android tablet light switch replacements join the ranks of a number of other Internet of Things (IoT) devices that have proven to be vulnerable.
Such shortcomings in IoT security have some top officials in the United States worried. ZDNet reported the views of U.S. Director of National Intelligence James Clapper:
“Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US government systems.”
To enhance the security of IoT devices, it is the responsibility of Garrett and other researchers to report on these types of glaring vulnerabilities.
It is then up to ordinary users to demand more of these smart things’ manufacturers and to urge them to build their devices with security in mind.