Source: https://www.linkedin.com/feed/update/urn%3Ali%3Ashare%3A6561589026170687488
#IoT: #InternetOfThings : #CyberSecurity #Threats & #Vulnerabilities: ‘An attacker with physical access to hotel’s network, including any guest or visitor, could control systems in every room of the hotel.’
One hotel in London has replaced its “dumb” light switches with a series of #Android tablets, allowing guests to not only control their lighting, but also their television, and even the room’s blinds. However inspecting the network traffic between the tablets and the lighting shows that they use the #Modbus protocol.
Now Modbus is a serial #communication #protocol developed by Modicon in 1979 for use with its programmable logic controllers (#PLCs). It is still in use today by many #SCADA systems, although many Modbus systems now use Modbus #TCP/IP and transmit information over TCP networks rather than serial cables. Notably the Modbus protocol has no #authentication.
In addition the hotel had implemented an #IP #addresses scheme that allowed attackers to map the IP address directly back to an individual hotel room with little difficulty. The result meant that an attacker with physical access to the hotel’s network, in other words any guest or visitor to the hotel, could control systems in every room of the hotel. Regrettably this is far from an isolated incident.