Security expert Matthew Garrett was recently found in a hotel that almost all worked on an Android tablet.
Matthew Garrett, a Linux community and security expert working at CoreOS, was found in a London hotel, where the lights switches were replaced by Android tablets recently.
Garrett, a born hacker, decided to look into the matter. A few hours later he managed to acquire access in the electrics of each room.
Αν και ο Garrett είναι ένας εμπειρογνώμονας ασφάλειας, αυτό που κατάφερε δεν απαιτεί ελίτ δεξιότητες hacking. Ο Garrett εξήγησε στο ZDNet ότι απλά αποσύνδεσε το tablet και σύνδεσε το laptop του στην ίδια σύνδεση. Στη συνέχεια δημιούργησε μια διαφανή bridge (transparent bridge).
This is trivial for every Linux network administrator. Then he used a popular application that analyzes network protocols (Wireshark) to analyze the traffic.
He quickly found that the devices were using the protocol Modbus. An ancient, serial protocol used to control logic controllers (PLCs), also known as simple electronic devices.
“Modbus is a pretty trivial protocol, and mostly has no security at all ID cards,” Garrett remarked. Th
Then Tcpdump revealed that the traffic was headed to IPv4 172.16.207.14. A little later, with a pymodbus, Garrett could control his room lights, open and close the TV but the curtains.
He then noticed that his room number was 714 and his IP address was ending at 7.104. Possibly it could be what went through his mind…
And yes, really, he had found out how to get into every day! Yes.
He resisted, of course, the temptation to open the lights, televisions and curtains of his neighbors.
Yes, Garrett is a security professional, but the skills we mentioned above could have a kiddie script.
However, you understand that although the above event was fun, it could have had very bad results if the hacker had malicious purposes.
But it is a reality that comes. Though thousands of IOT devices are manufactured, few are interested in safety.
The Internet of Things is the future, it also announced the first Star Trek, where computers were everywhere and could work with people with voice commands.
But reality is not so much fun.
The Director of the National Intelligence Service (NSA) of USA James Clapper recently warned that "Devices should be designed with at least minimum security requirements, as an ever-increasing complexity of networks could lead to widespread vulnerabilities of civilian infrastructure and US government systems."
Few? IoT devices without integrated security. If we do not require IoT devices to have real security (not tomorrow, today) we will see a wave of crime that we have never seen before.