Security expert Matthew Garrett was recently found in a hotel that almost all worked on an Android tablet.
Matthew Garrett, a Linux community and security expert working at CoreOS, was found in a London hotel, where the lights switches were replaced by Android tablets recently.
Garrett, born hacker, decided to look into the matter. A few hours later he managed to gain access to the electrical in each room.
Although Garrett is a security expert, what he has managed does not require elite hacking skills. Garrett explained to ZDNet that simply disconnected the tablet and connected his laptop to the same connection. Then he created a transparent bridge.
This is trivial for any Linux network administrator. Then he used a popular application which analyzes network protocols (Wireshark) to analyze traffic.
He quickly found that the devices were using the protocol Modbus. An ancient, serial protocol used to control logic controllers (PLCs), also known as simple electronic devices.
“Modbus is a pretty trivial protocol, and mostly has no security at all ID cards,” Garrett remarked. Th
Then Tcpdump revealed that the traffic was headed to IPv4 172.16.207.14. A little later, with a pymodbus, Garrett could control his room lights, open and close the TV but the curtains.
He then noticed that his room number was 714 and his IP address was ending at 7.104. Possibly it could be what went through his mind…
And yes, really, he had found out how to get into every day! Yes.
He resisted, of course, the temptation to open the lights, televisions and curtains of his neighbors.
Yes, Garrett is a security professional, but the skills we mentioned above could have a kiddie script.
However, you understand that although the above event was fun, it could have had very bad results if the hacker had malicious purposes.
But it is a reality that comes. Though thousands of IOT devices are manufactured, few are interested in safety.
The Internet of Things is the future, it also announced the first Star Trek, where computers were everywhere and could work with people with voice commands.
But reality is not so much fun.
US National Intelligence Service (NSA) Director James Clapper warned recently that "Devices should be designed with at least minimum security requirements, as an ever-increasing complexity of networks could lead to widespread vulnerabilities of civilian infrastructure and US government systems."
Few? IoT devices without integrated security. If we do not require IoT devices to have real security (not tomorrow, today) we will see a wave of crime that we have never seen before.