Poor security raises dangers for Internet of Things

In 2016, when security expert Matthew Garrett stayed in a London hotel where the light switches had been replaced by Android tablets, it took him only a few hours to gain access to all of the room's electronics. The steps he followed: plug his laptop into a link in place of one of the tablets; set up a transparent bridge; analyse the data traffic with WireShark to identify the protocol in use; then exploit that protocol. That protocol was Modbus, an old protocol with no authentication. Once Garrett figured out the gateway and how it allocated IP addresses, he was able to access the control systems on every floor and the electronics in other rooms. This incident, and another in which Amazon Echos responded to the use of their wake-up word, "Alexa" during an NPR broadcast about the devices, formed part of a long series of trivial Internet of Things security exploits that began to raise alarms.


Writer: Steven J. Vaughan-Nichols
Publication: ZDNet