A lack of network security has been discovered in a London hotel.
Linux and security expert Matthew Garrett of CoreOS was in town for the Kubecon Kubernates conference when he found the light switches in his hotel room were replaced with Android tablets to control lighting and other room functions.
Garrett did some investigating and set up a transparent bridge between the tablet and the wall so his laptop was able to analyse traffic between the two. He discovered that the tablet was running the Modbus control protocols and found the IP address being used was 172.16.207.14. His room number was 714, and the IP address ended in 7.14.
Before he knew it, he had access to the electronics in each room of the hotel. Garrett said, “It's basically as bad as it could be – once I'd figured out the gateway, I could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that I could control them as well. Hotels are happily deploying systems with no meaningful security, and the outcome of sending a constant stream of ‘Set room lights to full' and ‘Open curtain' commands at 3am seems fairly predictable.”
ZDNet claimed that Garrett didn't need any of those skills to hack the hotel system, despite being a security pro. Anyone with network savvy could have done the same.
Garrett has chosen not to reveal the name of the London hotel. They promised him that they'd take action and do something about the issue.