Security expert Matthew Garrett was recently found in a hotel that almost all worked on an Android tablet.
Matthew Garrett, a Linux community and security expert working at CoreOS, was found in a London hotel, where the lights switches were replaced by Android tablets recently.
Garrett, a born hacker, decided to look for the matter. A few hours later he managed to gain access to the electrics of each room.
Although Garrett is a security expert, what he accomplished doesn't require elite hacking skills. Garrett explained to ZDNet that he simply unplugged the tablet and plugged his laptop into the same connection. Then he created a transparent bridge (transparent bridge).
This is trivial for every Linux network administrator. Then he used a popular application that analyzes network protocols (Wireshark) to analyze the traffic.
He quickly found that the devices were using the Modbus protocol. An ancient, serial protocol used to control logic controllers (PLCs), also known as simple electronic devices.
"Modbus is a pretty trivial protocol, and mostly it has absolutely no identity security," Garrett remarked. Θ
Then Tcpdump revealed that the traffic was headed to IPv4 172.16.207.14. A little later, with a pymodbus, Garrett could control his room lights, open and close the TV but the curtains.
He then noticed that his room number was 714 and his IP address was ending at 7.104. Possibly it could be what went through his mind…
And yes, really, he had found out how to get into every day! Yes.
He resisted, of course, the temptation to open the lights, televisions and curtains of his neighbors.
Yes, Garrett is a security professional, but the skills we mentioned above could have a kiddie script.
However, you understand that although the above event was fun, it could have had very bad results if the hacker had malicious purposes.
But it is a reality that comes. Though thousands of IOT devices are manufactured, few are interested in safety.
The Internet of Things is the future, it also announced the first Star Trek, where computers were everywhere and could work with people with voice commands.
But reality is not so much fun.
US National Intelligence Service (NSA) Director James Clapper recently warned that “Devices should be designed with at least the minimum requirements security, καθώς μια συνεχώς αυξανόμενη πολυπλοκότητα των δικτύων θα μπορούσε να οδηγήσει σε εκτεταμένα vulnerabilities civilian infrastructure as well as US government systems.”
Few? That is, IoT devices without built-in security. Unless we require IoT devices to have real security (not tomorrow, today) we will see a crime wave that we have never seen before.