Slashdot Mirror


Hotel Experience With Android Lightswitches (dreamwidth.org)

jones_supa writes: The hotel in which Matthew Garrett was staying at, had decided that light switches are unfashionable and replaced them with a series of Android tablets. In his tour to the system, one was quickly met with a glitch message "UK_bathroom isn't responding." Anyway, two of the tablets had convenient-looking ethernet cables plugged into the wall, so MacGyver began hacking. He managed to borrow a couple of USB ethernet adapters, set up a transparent bridge and then stick his laptop between the tablet and the wall. Tcpdump showed traffic, and Wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and does not implement authentication. The Pymodbus tool could be used to control lights, turn the TV on/off, and even close and open the curtains. Then he noticed something. His room number was 714. The IP address he was communicating with was 172.16.207.14. They wouldn't, would they? Indeed, he could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that he could control them as well.

111 comments

  1. A solution in search of a problem.. by toonces33 · · Score: 1

    It just seems daft to me that this is just pointless complexity.

    1. Re:A solution in search of a problem.. by Locke2005 · · Score: 1

      The "problem" it is solving is energy efficiency; they can shut off everything in the room as soon as the occupant leaves. Eventually it will become cheaper and more reliable.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:A solution in search of a problem.. by Anonymous Coward · · Score: 0

      Yeah .... because that feature is currently unavailable and has never been used.

      Have you ever stayed in a good hotel? Pretty much every good hotel in the planet already has sensors that shut everything (including the TV) when a person is not in the room.

    3. Re:A solution in search of a problem.. by ericloewe · · Score: 1

      You're right. Maybe they could issue something to their guests that they can use to tell the system they're in the room. Maybe they could even be used to open the door!

      Oh, wait, you're not right after all. You're just reinventing the hotel keycard switch, but with added complexity and dubious benefits.

    4. Re:A solution in search of a problem.. by DavidRawling · · Score: 2

      That's a ~95% solved problem and has been for decades. Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.

      Worked in the 90's at least when I started traveling for work, and it wasn't just in big city hotels then. Perspex blocks don't have to be smudge-free, don't need extra power of their own, won't break down, are significantly cheaper, can't be trivially hacked to screw with every other room in the hotel - no this is a solution looking for a problem.

    5. Re:A solution in search of a problem.. by nnull · · Score: 1

      It already is cheaper and reliable, using just regular light switches. There are plenty of lighting control systems built for this purpose for hotels. This was just someone in management who thought it would be a cool idea to replace the light switches and whatever else with tablets, since those lighting controls have modbus TCP or Ethernet/IP where you can control it all from your computer. I mean, it's a cool idea, but needs more thought put into it for just serving as a light switch.

      And in most cases, this person could have hacked the lights in every room whether it was a regular light switch or a tablet, it wouldn't matter. I find a lot of hotels run their whole control system on the same LAN network. Every hotel I've been to so far, I've found the lighting control system on the network, unsecured, default password (Hell, I find the security camera DVR's too!). A lot of the installers of these systems are general contractors and electrical contractors who don't know a thing about network security to even care. In fact, I find a lot of these contractors will ask them to open a port in their firewall and I can access these systems from outside! The management sees it work, they don't care about anything else.

      And by the way, these lighting control systems are now a requirement in certain states like California and a lot of countries, such as England.

    6. Re:A solution in search of a problem.. by Megane · · Score: 1

      I've done development work on commercial lighting systems, and the system as described in TFA sounds like a total and complete toy. Unencrypted Modbus over TCP? Android tablets? IP addresses that clearly indicate which room is which? Sheesh. But again, that was in London, and the systems I worked on were for the US market with no effort toward international sales other than a nod to Canada (California's energy regulations drive a lot of the designs in the US lighting control business), so they probably just don't have as many options available.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    7. Re:A solution in search of a problem.. by Megane · · Score: 1

      Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.

      Do you know that most hotels in the US (I know TFA was London) use cheap magnetic credit cards (with a different encoding) as keys? I haven't seen an actual room key since at least a decade ago. I don't think attaching a brick to the key card will go over well with hotel guests or even the hotels themselves. Also, you can't use the key to tell when the room is occupied. If there are two guests in the room, and one goes out with the key, are you going to shut off TV and lights for the one staying behind?

      In fact, there's an easier way to do it: when the housekeeping maid comes by for the daily room cleaning and finds it unoccupied, she can turn off the TV and lights!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    8. Re:A solution in search of a problem.. by Known+Nutter · · Score: 1

      Oh, wait, you're not right after all. You're just reinventing the hotel keycard switch, but with added complexity and dubious benefits.

      Most of those switches activate when you stick anything at all into them...which totally defeats the purpose.

      --
      Beware of the Leopard.
    9. Re:A solution in search of a problem.. by vtcodger · · Score: 1

      Luddite!

      BTW, if I understand the situation correctly, the reason that we need IPv6 is so that we can all enjoy this and similar advanced technologies and can control our household lighting and curtains from anywhere on the planet.

      The 1960s are looking better and better (excepting that Vietnam thing of course).

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    10. Re:A solution in search of a problem.. by Intron · · Score: 1

      I've stayed in a room where you had to put one of the cardkeys in a slot on the inside of the door to have power to the room.

      --
      Intron: the portion of DNA which expresses nothing useful.
    11. Re:A solution in search of a problem.. by Xolotl · · Score: 2

      You put the keycard (these days it's more often chip based I think, but anyway) in the cradle by the door and it has the same effect (turn on/off the lights etc), usually except for one power socket which is used for the fridge. Two guests get two keycards so one is always in the room with them. Simple ... works this way across the world.

    12. Re:A solution in search of a problem.. by mikael · · Score: 1

      The Travelodge in Clapham Junction used (uses?) Ving card which have a random combination of 100 holes in them.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    13. Re:A solution in search of a problem.. by mikael · · Score: 1

      Imagine having scrolling messages displayed on the outside of the hotel as different combinations of room lights went on and off. Even more fun if they used those smart LED lightbulbs that can be pre-programmed with a particular color out of range of 4096.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    14. Re:A solution in search of a problem.. by ericloewe · · Score: 2

      "Totally" is a severe exaggeration. Smartasses are never easy to deal with, but they do solve the problem 99% of times.

      Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.

    15. Re:A solution in search of a problem.. by dsmatthews9379 · · Score: 1

      Unless you wish to turn the entire building into a digital disco ball.

    16. Re:A solution in search of a problem.. by nnull · · Score: 1

      I doubt the control system is a toy. Hubbell, for example, is no small crappy company, in the US and they make commercial devices that work unencrypted on Modbus over TCP. Many of the lighting control protocols are unencrypted and unsecured, as an industry standard! In fact, many manufacturers do the same, not just Hubbell.

      http://www.hubbell-automation....

      Many of these protocols come from a long history in industrial automation where every source was basically "Trusted". It's going to take years for it to change, as Allen Bradley, Siemens and many others don't want to change until more machines are hacked and people complain. There are some voices of complaints about these protocols regarding security, but not much, since anyone in this industry really doesn't care. They pretty much leave it to the person engineering or designing the system as a whole to think about security and thus you get a system as TFA.

      And for some reason, I don't think we'll see change soon as Siemens is now pushing unsecured IoT devices big time, because for some reason, I need to control my industrial machine from the beach.

    17. Re:A solution in search of a problem.. by nnull · · Score: 1

      We don't have to imagine it, it's already going to happen, really soon! You know it will.

    18. Re:A solution in search of a problem.. by guruevi · · Score: 1

      But doing it like that requires significant investment in extra wiring and zoning ordinances which depending on your electric code may not necessarily be either easy or cheap to implement/retrofit. Retrofitting some COTS "smart" switches on an Android would cost ~500-1000/room including labor, running new electric will cost at least 5-10x as much.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    19. Re:A solution in search of a problem.. by Balthisar · · Score: 1

      Hotels will usually give me an extra keycard when I ask, just so I can leave the room powered up when I'm not there. If I forget, a business card usually works well, too. Most of them don't have sensors; I'm assuming it's a simple microswitch.

      --
      --Jim (me)
    20. Re:A solution in search of a problem.. by Misagon · · Score: 1

      I would be more concerned with the room lights being used for displaying giant messages on the hotel's facade with one room per pixel.
      Could be used to shame the hotel for sure.

      The end scene of the movie Hackers comes to mind.

      --
      "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    21. Re:A solution in search of a problem.. by beelsebob · · Score: 1

      But pretty much every one of those sensors doesn't work as advertised, and instead starts turning things off because you sat still in bed for too long.

    22. Re:A solution in search of a problem.. by Euler · · Score: 1

      I'm all for avoiding needless complexity, but here are the tangible benefits:
      1) Energy savings. You could ensure lights are not left on by housekeeping etc. when rooms are not occupied. Maybe a small benefit, but easy to automate.
      2) You can turn on lights when someone checks in to make the room more welcoming.
      3) Customers can turn off all the lights in the room from the bed. Maybe a bit of laziness, but helpful for someone not familiar with the layout of various light switches in the room.
      4) Safety: in a fire alarm, you can turn on all lights instantly to help people get out.
      5) Wiring plan: lower cost to build and maintain a room without hard-wired switches.
       

    23. Re:A solution in search of a problem.. by bjwest · · Score: 1

      Oh, wait, you're not right after all. You're just reinventing the hotel keycard switch, but with added complexity and dubious benefits.

      Most of those switches activate when you stick anything at all into them...which totally defeats the purpose.

      They don't unlock the door unless the correct thing is stuck into them. Pretty simple to tie it into the same computer system.

      --

      --- Keep the choice with the user..
    24. Re:A solution in search of a problem.. by grahamsz · · Score: 1

      Wow, are they still around? I remember ving cards in the 90s but haven't seen one in probably 15 years.

    25. Re:A solution in search of a problem.. by Anonymous Coward · · Score: 0

      Yes, because it's just so efficient to manufacture an entire tablet, SoC, battery, display, case and all, then ship it halfway across the world (you know it was made in China), and mount it on the wall so you can save a couple dozen watt hours over the thing's entire lifespan.

      Do you believe that electric cars have no emissions, too?

    26. Re:A solution in search of a problem.. by Anonymous Coward · · Score: 0

      most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.

      No, but the conveniently provided notepad in the hotel room provides me with the piece of paper I can fold into the correct size (and stiffness) to stuff into that slot.

    27. Re:A solution in search of a problem.. by Jack+Griffin · · Score: 1

      Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.

      Are you sure about that? Every wallet or purse I've ever peeked into is full of pointless shit, mostly credit card sized. And every holiday I've ever been on we've always had a spare card to jam in the socket.

    28. Re:A solution in search of a problem.. by ericloewe · · Score: 1

      The vast majority of switches is dumb. Just a card-sized slot and a switch.

    29. Re:A solution in search of a problem.. by bjwest · · Score: 1

      I highly doubt that. Any hotel that used a lock that is nothing but a card shaped slot with a physical switch that activates when anything remotely card shaped is inserted is just asking for a major lawsuit, and would be sued into bankruptcy within the first year of installation. The majority of card readers these days are magnetic strip, those that are not use an older keycard with holes in it that activate mechanical switches in the lock in a similar manner to the tumblers in a keyed lock. Newer locks may be chipped, but I've never seen one like that.

      --

      --- Keep the choice with the user..
    30. Re:A solution in search of a problem.. by ericloewe · · Score: 1

      Not the door locks, the room's master light switch.

      Door locks are a whole different thing that is only tangentially related.

    31. Re:A solution in search of a problem.. by Xolotl · · Score: 1

      Yep, I use a business card too, that so far has worked in all but one hotel.

  2. A timothy by any other name ... by edittard · · Score: 3, Funny

    The hotel in which Matthew Garrett was staying at

    He should check his bill in case they charged him twice.

    --
    At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.
    1. Re:A timothy by any other name ... by epyT-R · · Score: 1

      Oh. This guy? https://mjg59.dreamwidth.org/

      The one who forked the linux kernel in 'solidarity' with sarah sharp?

  3. Wow by RightwingNutjob · · Score: 1, Insightful

    See, this is what you get when you have wink-and-nod, everyone-gets-a-trophy education in the schools instead of teaching people not to be stupid by boxing them on the ears when they get out of line.

    1. Re:Wow by Anonymous Coward · · Score: 0

      You get Trump believers. But yes, you get hotel "admins" like this as well.

    2. Re:Wow by DNS-and-BIND · · Score: 0

      Uh, hello? That makes no sense. Right-wingers are the ones who believe in using physical violence to discipline children. Liberals are the ones who say that competition in schools creates 1 winner and 29 losers, leading to badfeels. Thus, every child needs a trophy. This is a well-known phenomenon, it's not like it appeared yesterday. Is this some kind of new Trump Derangement Syndrome, where people freak out and start injecting a politician into completely unrelated topics?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  4. Hotel Cheaped out. by Lumpy · · Score: 2

    If they used a REAL control system this would not be the issue. But instead they tried to do it as cheap as possible using consumer crap.

    Tablets at the light switches is insanely stupid as well. Real automation lighting systems still have physical buttons at entryways and doorways for the lights.

    Whoever sold this system to the hotel needs to be outed and publicly shamed.

    --
    Do not look at laser with remaining good eye.
    1. Re:Hotel Cheaped out. by turbidostato · · Score: 1

      "If they used a REAL control system this would not be the issue."

      That's becoming interesting.

      Are you implying they were using an UNREAL control system? Kind of... I don't know... Ghost in the Shell's Section 9?

      "instead they tried to do it as cheap as possible using consumer crap."

      Ohh... I see! But, you know, that doesn't make it an unreal control system, but a very REAL one.

      "Whoever sold this system to the hotel needs to be outed and publicly shamed."

      You know what a free market is, don't you? It is not about the one that sells the thing -that's like leading your horse to water, but about the one that BUYS IT -the part about making it drink (caps locked to mimic your -obviously smart, style).

    2. Re:Hotel Cheaped out. by msauve · · Score: 4, Insightful

      "Whoever sold this system to the hotel needs to be outed and publicly shamed."

      No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:Hotel Cheaped out. by toonces33 · · Score: 1

      I wonder whether someone like the FSB is the one that is selling the thing. It could make eavesdropping on people so much easier.

      But as you say - the hotel was dumb enough to actually buy it.

    4. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      Yeah, you say that, but Modbus is still actively used in lots of high end security/automation systems. Consumer-grade automation tends to be higher security than the commercial stuff.

    5. Re:Hotel Cheaped out. by omglolbah · · Score: 4, Insightful

      Sounds like they picked ModbusTCP since it is an incredibly easy standard to implement on very cheap devices (think 10 cent microcontrollers).
      Tons of existing devices support it too so not a bad choice from a technical perspective.. unless you care about security.

      Modbus has zero security, why would it? It was built to run on serial lines and the tcp-implementation is for all intents and purposes just using a tcp-socket instead of a serial line to chuck bytes over the line.

      It entirely relies on the physical security of the network.
      The same thing is also true for KNX/EIB-control which is used for building automation all over the world. The issue here is that what used to be secure by being obscure and inside sockets on the wall is now just being extended onto tablets with no thoughts about how people will poke around in the system.

      Having 'killed' a building by mistake (typoed a path....tripped all breakers in the building :p) via KNX, I know the lack of security is very real in 'live' environments.

      This is not at all new, it has just not been a focus for anyone until fairly recently.
      Google around for KNX hacks and you'll see plenty of evidence of the shitty systems which are considered "industry standard" for building automation. Sigh.

    6. Re:Hotel Cheaped out. by geoskd · · Score: 2

      If they used a REAL control system this would not be the issue.

      I can only assume that by "REAL control system" you mean industrial / commercial control system. There are two basic problems with that:

      First, the Modbus over TCP protocol *IS* the standard system for industrial controls systems, and has been for over 30 years. This is part of the problem with industrial control systems, and one of the key reasons why SCADA is immediately associated with security fail.

      Second, there are *no* proper control systems that are designed to display controls for end users that are both acceptable for customer facing interfaces, and reasonably priced. There are any number of engineering firms out there that will custom design a solution for you, and almost all of them would come up with a system similar to what TFA describes. The reason for that is because security is damn difficult. Because of what security has to accomplish, it has to be built into the very core of the system's design, but it has absolutely no effect on the operation of the system during "normal" use, so it is very easy to demonstrate a working system that has zero security, and the customer would not have any immediately obvious indication that the system has a flaw. There is no other part of the design requirements for a project like this where parts of the requirements can be absent and the system still functions.

      --
      I wish I had a good sig, but all the good ones are copyrighted
    7. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      The control system is fine, it's the physical network that isn't.
      If each room was on its own physical network it really wouldn't much matter that someone could hook in and turn the lights off with their own device instead of the provided one. It's being able to do things to other rooms that's the big deal.

      But it quite likely was cost-savings to use a few big centralized network switches instead of lots of smaller ones.
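
Added example, not part of the thread or of any poster's code: comments 5 and 7 in this sub-thread say that Modbus/TCP is just serial bytes on a socket with no security, and that the real exposure is every room sharing one network. The Python sketch below parses a request frame field by field (there is no credential field to check) and flags requests that reach a room controller from anything other than that room's own panel; the addresses, the allowlist and the severity labels are constructed assumptions.

```python
import struct
from dataclasses import dataclass

# Function codes from the public Modbus application protocol specification.
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}


@dataclass
class ModbusRequest:
    # Together with the constant protocol id and the length, these are all
    # the fields a Modbus/TCP request carries. None identifies the sender.
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def build_request(transaction_id, unit_id, function_code, data):
    """Build a constructed sample frame (MBAP header + PDU) for the demo."""
    length = 2 + len(data)  # unit id + function code + data
    return struct.pack(">HHHBB", transaction_id, 0, length,
                       unit_id, function_code) + data


def parse_request(frame):
    """Parse one Modbus/TCP request; raise ValueError if it is malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(
        ">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol id is not 0")
    if len(frame) != 6 + length:  # length counts everything after itself
        raise ValueError("length field does not match frame size")
    return ModbusRequest(transaction_id, unit_id, frame[7], frame[8:])


def audit(flows, allowed_clients):
    """Flag requests whose source is not allowlisted for the controller.

    flows: iterable of (src_ip, dst_ip, frame_bytes) taken from a capture.
    allowed_clients: controller IP -> set of source IPs expected to talk
    to it (hypothetical policy: only the panel in the same room).
    """
    findings = []
    for src, dst, frame in flows:
        try:
            req = parse_request(frame)
        except ValueError as exc:
            findings.append({"src": src, "dst": dst, "severity": "info",
                             "reason": f"malformed frame: {exc}"})
            continue
        if src in allowed_clients.get(dst, ()):
            continue  # the room's own panel talking to its own controller
        if req.function_code in WRITE_CODES:
            severity, name = "high", WRITE_CODES[req.function_code]
        else:
            severity = "medium"
            name = READ_CODES.get(req.function_code,
                                  f"function {req.function_code}")
        findings.append({"src": src, "dst": dst, "severity": severity,
                         "reason": f"{name} from non-allowlisted client"})
    return findings


# Constructed addressing plan: one controller and one wall panel per room.
ALLOWED = {"10.20.7.14": {"10.20.7.114"},
           "10.20.8.14": {"10.20.8.114"}}

# Constructed capture records, not taken from the article.
SAMPLE_FLOWS = [
    # Room panel switching a coil on its own controller: expected traffic.
    ("10.20.7.114", "10.20.7.14", build_request(1, 1, 5, b"\x00\x03\xff\x00")),
    # Unknown host reading coil state from a controller.
    ("10.20.7.200", "10.20.7.14", build_request(2, 1, 1, b"\x00\x00\x00\x08")),
    # One room's panel address writing to another room's controller.
    ("10.20.7.114", "10.20.8.14", build_request(3, 1, 5, b"\x00\x03\x00\x00")),
    # Truncated frame: length field no longer matches the bytes present.
    ("10.20.7.200", "10.20.8.14",
     build_request(4, 1, 3, b"\x00\x00\x00\x02")[:-3]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS, ALLOWED):
        print(finding)
```

The allowlist only has teeth when something on the path enforces it, such as a per-room VLAN or a switch ACL; run over a capture it is a detection, not a control.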

    8. Re:Hotel Cheaped out. by fgouget · · Score: 2

      "Whoever sold this system to the hotel needs to be outed and publicly shamed." No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      I hope this is sarcastic because otherwise it sounds like you think every scam should be legalized and the blame put squarely on the victims.

    9. Re:Hotel Cheaped out. by nnull · · Score: 1

      This is actually in response to the market demand. The properly more engineered solutions do not exist and require far more engineering. There is a demand for more high tech solutions and there is a serious lack of products to meet those demands. And since no one wants to pay for any engineering anymore or "team of engineers" and idiotic management that pushes their vendors to the limits, you get stuff like this.

      And by the way, I've used tablets to build HMI screens in industrial areas that work great (Both stripped down Android or linux if I can get it on there), but I can tell you that it sure isn't as insecure as this system is. This system could have easily been secured since Android offers you a lot of tools to do it.

    10. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      I worked at a place that did exactly this. One system I helped design and install had a dynalite based control system (dynet (rs485) based) bridged to Ethernet (so serial over ip), hooked to a raspberry pi running a web server to allow lighting control from a wall mounted iPad. Oh, and just for fun it also controlled two projectors and a sound system. And the new section we designed was then integrated into an existing building-wide dynet setup.

      It was fun to build, but why you would want such a Rube Goldberg solution is beyond me.

    11. Re:Hotel Cheaped out. by Megane · · Score: 1

      Modbus over TCP may be the "standard" for "industrial controls systems", but it's not anywhere near the standard for commercial lighting control. BACnet is probably the most common standard, or at least the "lingua franca" that most proprietary systems have a gateway for. There are also DALI, LonWorks, and DMX512 (mostly used for stage lighting).

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    12. Re:Hotel Cheaped out. by msauve · · Score: 0

      Perhaps you should learn the difference between simple incompetence and scamming. Are you asserting that selling an insecure system is somehow illegal?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    13. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      Even the "professional" control systems don't have firewalls between rooms. Instead of one large broadcast domain for ethernet (and IP), you'd have one large, more or less proprietary serial bus with repeaters and possibly routers, easily accessible at every light switch, lamp or socket.

    14. Re:Hotel Cheaped out. by nnull · · Score: 1

      It's true. Anyone that works in industrial automation can attest how crappy everything is regarding security.

    15. Re:Hotel Cheaped out. by nnull · · Score: 2

      Lots of "Industry Standard" stuff that is just not right with the times and plenty of those people will argue against changing.

    16. Re:Hotel Cheaped out. by nnull · · Score: 1

      If the contractor is going to install this lighting control device with the default password anyways and on the same LAN network, what's the point?

    17. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      I would tend to agree with you. My home automation system still uses the physical light switches but they do nothing. Well they do something, they turn on an input relay to the computer. The computer then turns on the corresponding output relay that turns on the light switch. Therefore the computer has full control over the lights.

      If you want to know what I use, I use OPTO-22 modules in a G4PB24 board run by a OPTO PCIAC5 card with OPTO's own driver kit to control it. Simple as simple could be. Well, you do have to run a wire to every light switch.

    18. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      There you go defending the scammer again. The world would be better off without you.

    19. Re:Hotel Cheaped out. by adolf · · Score: 1

      DMX512 is no better, being a dumb multi-drop RS-485 serial bus with zero authentication.

      I admit that I lack knowledge of BACnet, DALI, or Lonworks, specifically but generally: Industrial control systems don't have authentication.

      The chances of the radio console(s) that your local public-safety agencies use of potentially having IP connectivity and default passwords is astonishingly good, for instance.

      I saw one instance of this in a town not far from where I live, where the radio system used IP addresses which were in a subnet documented in the manual, and the whole mess of it was cross-connected to the building's (simple) LAN, and where someone had connected an 802.11 access point named "NETGEAR" without even so much as WEP to attempt to keep passersby out.

      Toggling the lights and drapes in a hotel seems like child's play compared to mucking about with the operation of fire trucks and ambulances.

    20. Re:Hotel Cheaped out. by thegarbz · · Score: 1

      If they used a REAL control system this would not be the issue.

      You mean a real control system, like a control system used a lot in industry and commercial settings?
      Such a control system that is most probably running a protocol like Modbus TCP?
      Is that the kind of control system you're talking about?

      This was a story about someone finding a way to access a Modbus TCP connection to control a building. This is very much not only a "real" control system, but it is also probably the single most widely used protocol for this kind of control in the world, and it's a protocol problem which has nothing to do with the control system.

    21. Re:Hotel Cheaped out. by thegarbz · · Score: 3, Interesting

      No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      They did their due diligence. It runs Modbus TCP. That's like an industry standard man. Everyone uses that. It must be good!

    22. Re:Hotel Cheaped out. by Lumpy · · Score: 1

      Bacnet is the standard for commercial lighting. Modbus has NEVER been used for lighting control in commercial.

      --
      Do not look at laser with remaining good eye.
    23. Re:Hotel Cheaped out. by Lumpy · · Score: 1

      Lack of serious products?

      Crestron, AMX, Lutron, Hubbell, Leviton ALL make this stuff that is not based on cheap-ass android tablets and half assed networking without any kind of security in place.

      And all of those companies have been in business longer than you have been alive. There are tons of "properly more engineered solutions" out there and they have been there for decades.

      --
      Do not look at laser with remaining good eye.
    24. Re:Hotel Cheaped out. by fgouget · · Score: 1

      Perhaps you should learn the difference between simple incompetence and scamming.

      You implied the salesman knowingly sold an insecure system when you said he "should win salesman of the year". Otherwise he was simply incompetent, the buyer was incompetent, and neither should win any prizes.

    25. Re:Hotel Cheaped out. by lsatenstein · · Score: 1

      If they used a REAL control system this would not be the issue. But instead they tried to do it as cheap as possible using consumer crap.

      Tablets at the light switches is insanely stupid as well. Real automation lighting systems still have physical buttons at entryways and doorways for the lights.

      Whoever sold this system to the hotel needs to be outed and publicly shamed.

      The hotel is in the hotel business. They trust the electronic doors, and other security stuff to contractor. It is the contractor that should be liable, if some item was stolen from a room.

      --
      Leslie Satenstein Montreal Quebec Canada
    26. Re:Hotel Cheaped out. by msauve · · Score: 1

      "You implied the salesman knowingly sold an insecure system when you said he "should win salesman of the year".

      I did no such thing. He should win it simply for selling a costly, high tech, high support solution in place of a wall switch.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    27. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      doodoo diligence ...

    28. Re:Hotel Cheaped out. by Anonymous Coward · · Score: 0

      Don't mind the parent, he's just talking out of his ass trying to come off like someone with a clue.

      Call it the Trump Effect ... Just talk with confidence and people might take you seriously even though it's obvious you have literally zero knowledge on the subject.

    29. Re:Hotel Cheaped out. by Jack+Griffin · · Score: 1

      No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      Same goes for whoever is approving those smart elevator controls, you know the ones where the lift has no buttons, you type in your floor on a panel in the lobby, then get assigned a lift number? They are becoming more and more common and I always have a worse experience with them than the old fashioned up and down buttons with floor buttons in each lift.

  5. Screw control, monitoring more interesting... by SuperKendall · · Score: 4, Insightful

    If he can query the light status, why not poll every room every two minutes or so - and make a note of which rooms had been on, then were turned off implying the owners had left...

    Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.

    On a side note I can't really blame them for matching IP to room number, just from a trouble-shooting perspective... the real problem is lacking unique per-room authentication.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Screw control, monitoring more interesting... by thegarbz · · Score: 1

      Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.

      That depends on your hotel. Having "lived" in a few hotels (to the point where the concierge of one hotel gave me a house warming present when I left), I can tell you that during the day I didn't use the lights as it was bright enough, and at night while watching a movie or sleeping I didn't use the lights either.

      On the other hand walking down a hallway and seeing a couple walk out of the room is a far simpler way of knowing that a room is empty.

    2. Re:Screw control, monitoring more interesting... by Anonymous Coward · · Score: 0

      Wow, so people actually turn the lights off when they leave the room?

      Not me, the lights and the TV are staying the fuck on. I'll run that AC, too, and fire up the heat if it's too cold when I get back.

    3. Re:Screw control, monitoring more interesting... by Jack+Griffin · · Score: 1

      Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.

      Because risking jail for stealing tourist's clothes is worth it for your average IT savvy crook....

    4. Re:Screw control, monitoring more interesting... by SuperKendall · · Score: 1

      I don't know why you are stealing clothes when you could have laptops, iPads and jewelry.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    5. Re:Screw control, monitoring more interesting... by Jack+Griffin · · Score: 1

      I don't know why you are stealing clothes when you could have laptops, iPads and jewelry.

      Have you ever stayed in a hotel? Most people will have their valuables on them, or if left in the room kept in a safe. I hardly think that renting a hotel room, which you have to present ID and credit card (sure you could fake that but...) only so you can hack the electrical control bus to try and work out when another guest is not in (maybe), so you can somehow break down their door, and pray they have something valuable lying around you can steal (that doesn't have GPS and tracking), and hope there's no cameras or security (which there usually is), is the best idea I've heard of.
      If you want to steal stuff, learn how to climb or abseil and come in through the window. It's a whole lot simpler.

  6. The software will only need to be tested once! by MobileTatsu-NJG · · Score: 0

    To the engineer's credit, at least he used a platform that won't require testing due to software updates!

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  7. not even wireless(!) by Anonymous Coward · · Score: 0

    So lame.

    Ironically, WPA2 would have prevented this jackass from tapping the link layer.

    1. Re:not even wireless(!) by Megane · · Score: 1

      Except that from TFA you can tell that it used a wired Ethernet setup. Wireless is a dumb idea because hotels are infamous for crappy wireless internet, especially when full for a convention full of nerds. And if somehow the wireless encryption did get hacked, he could passively see everything. At least with Ethernet connected via switches, he couldn't passively monitor any other room's traffic.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    2. Re:not even wireless(!) by Anonymous Coward · · Score: 0

      That would have let anyone parked near the building hack it.

    3. Re:not even wireless(!) by Anonymous Coward · · Score: 0

      Wireless is a dumb idea because hotels are infamous for crappy wireless internet, especially when full for a convention full of nerds.

      Idiot #1,

      The crappy Wi-Fi is crappy because too many devices are using the same channel.

      So put the lightswitches on a different channel, idiot.

    4. Re:not even wireless(!) by Anonymous Coward · · Score: 0

      That would have let anyone parked near the building hack it.

      Idiot #2,

      Wardriving is hard when the SSID is hidden and the link layer is encrypted.

      WPA2 is encrypted, idiot.

    5. Re:not even wireless(!) by Anonymous Coward · · Score: 0

      Wardriving is hard when the SSID is hidden

      Found patient zero.

  8. Welcome to the Internet of Shitty Things by Anonymous Coward · · Score: 0

    The lack of security doesn't stop at everything using unlicensed wireless bands.

    1. Re:Welcome to the Internet of Shitty Things by Locke2005 · · Score: 1

      Agreed, we're going to be seeing problems caused by poor security in the IoT for the next decade or so. But then, WiFi was the same way (and still is).

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Welcome to the Internet of Shitty Things by Anonymous Coward · · Score: 0

      Until someone hacks into a multi-million dollar machine and sabotages it. I've already seen it. I've seen a multi-million dollar blow molder bottling line hacked into and sabotaged costing thousands and thousands of dollars in repair costs and downtime costs. If you're in this industry, you know exactly which line I'm talking about. The place this happened at also has VPNs. But guess what? Every employee has and gets full VPN access. The VPN allows you to connect to all of their plants in the US and Mexico, to every machine, to every server, to every printer, to every DVR, to every cellphone. By the way, this is a multi-billion dollar corporation who can't even manage their own network, let alone their own plants. So the whole VPN as a secure connection is completely moot if security is implemented by incompetent people.

      A lot of these manufacturers take zero consideration into security, they don't care. Even the machine manufacturers, they don't care. The component manufacturers, such as Siemens and Allen Bradley, they don't really care either, they've made little strides in improving the situation. The management of these companies look at you stumped when you even mention anything about security, it doesn't even exist in their mind that such a case can happen.

      But boy are they pushing IoT devices to the extreme because for some reason we need to control these machines from a thousand miles away. We're already seeing it in the consumer products being sold all over Amazon with basically trojan horses into your network. Like those stupid 'smart' LED lights that for some reason need to be connected to the cloud? WTF?

  9. Uhh...no. by gruntspeak · · Score: 1

    MacGyver would have built a transparent bridge using mothballs and saliva, not usb adapters.

  10. People kept losing their keys, by Anonymous Coward · · Score: 0

    so we installed combination cocks[NSFW].

  11. I see VPN or Firewall in their future. by Anonymous Coward · · Score: 0

    Easy security problem to solve. (since you messing with your own room isn't a problem... I would think) Wonder why they decided on a totally flat and open LAN?

    1. Re:I see VPN or Firewall in their future. by Anonymous Coward · · Score: 0

      Everyone seems to forget. Security costs money. VLANning the shit out of the hotel not only would cost money for setup, but if there's a problem, the owner's 13 year old son probably wouldn't know how to get into it. Which costs money now.

      Cheap wins. This is why everyone in IT is being outsourced.

    2. Re:I see VPN or Firewall in their future. by omglolbah · · Score: 1

      Cost most likely. Or an oblivious implementer.

    3. Re:I see VPN or Firewall in their future. by xtal · · Score: 1

      VLAN doesn't do much unless it's also enforced via a smart switch..

      --
      ..don't panic
  12. Lights, cameras, ... by C3ntaur · · Score: 1

    I recently stayed in a hotel that provided a tablet in every room for accessing amenities, such as room service. It appeared to be equipped with a camera and microphone, as most tablets are. And I have little doubt the security at that hotel was as bad as what the poster described.

    --
    Loading...
    1. Re:Lights, cameras, ... by Locke2005 · · Score: 1

      Big Brother is watching you!

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Lights, cameras, ... by Anonymous Coward · · Score: 0

      I always thought that those little bedlights on flexible moveable steel cables had little cameras built into them.

    3. Re:Lights, cameras, ... by Intron · · Score: 1

      I recently stayed in a hotel that provided a tablet in every room for accessing amenities, such as room service. It appeared to be equipped with a camera and microphone, as most tablets are. And I have little doubt the security at that hotel was as bad as what the poster described.

      Does anyone know what hotel Erin Andrews is staying in?

      --
      Intron: the portion of DNA which expresses nothing useful.
  13. Not a control system by Anonymous Coward · · Score: 0

    It's not a control system. It's a slapdash bunch of crap stuck together, not a system.

    1. Re:Not a control system by stooo · · Score: 1

      >>It's a slapdash bunch of crap stuck together
      That's the definition of a system.

      --
      aaaaaaa
  14. Obligatory by Anonymous Coward · · Score: 0
  15. the reason for not having nice things by Anonymous Coward · · Score: 1

    This, exactly this, hacking into it, outing it as cheap crap, saying it's not secure, blah blah blah, keep living in your encrypted utopia and kill yourself yesterday for all our sakes.

    why does it have to be ten times the price this hotel already paid for? just fuck you guys, you're all just a bunch of lame ass chatterbugs, not even worthy of any goatse.

    have fun with it for a moment, let the hotel know about it, especially the owners of the hotel, and maybe just maybe, karma won't bite you in the electrical switches.
    and all you others here, keep on whining about it, it's your national pastime, though it only serves the war; go babelfish !

    [wdw]

    1. Re:the reason for not having nice things by james_gnz · · Score: 1

      ... keep living in your encrypted utopia and kill yourself yesterday for all our sakes. ... why does it have to be ten times the price this hotel already paid for? ...

      I'm guessing this was intended as hyperbole, and I don't know what the actual additional cost would have been for the hotel, although I expect a lack of security is common, and it may well have cost the hotel somewhat more to put some kind of security in place.

      Where some kind of security is common practice though, I don't think it need cost an awful lot more. Cars tend to come with locks as standard, and builders tend to put them in buildings. (Not necessarily great locks, but at least something.) Police may encourage people to ensure they use their locks, and insurance may not be available otherwise. This is widely accepted, and few people complain about the additional cost of locks, or deride their use.

      If some kind of security were standard in these sorts of set ups too, then I expect economy of scale would make it affordable. I don't think it ought to be any different from using locks. To me it just seems sensible.

  16. You could have make this much more fun and useful. by Anonymous Coward · · Score: 0

    I would have left the standard switches and implemented the Android control system with a key you load into an app in the customers device.
    "sir, would you like to use your device to control your room, lock and unlock your door, get a message if your room is entered, order from the room service menu, check in and out and a lot of other services we offer?"

  17. Indians by ArchieBunker · · Score: 1

    Guarantee this was dreamed up by someone from India.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Indians by smooth+wombat · · Score: 1

      And implemented by an American in a board room deciding who they need to fire next so they can make their quarterly bonus.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  18. Re:You could have make this much more fun and usef by toonces33 · · Score: 1

    I would like to use my device to simultaneously flush every toilet in the building. And then after having done that, then I would like to use my device to book a different hotel for the evening.

  19. Because by Ol+Olsoc · · Score: 3, Insightful
    Those old fashioned light switches were just too reliable.

    Welcome to the Internet of really gadamned stupid things.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  20. power shutdown in hotels by Anonymous Coward · · Score: 1

    In a lot of hotels in Europe, you have to shove your key card into a receptacle near the door which turns on the power to the room.
    (of course, most don't care what card you use, so if you want to leave the lights on when you leave, you use a keycard from some other place)
     

    1. Re:power shutdown in hotels by Bert64 · · Score: 1

      But most annoyingly, shutting off the power means I can't leave something charging in the room while I go out somewhere.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    2. Re:power shutdown in hotels by rpstrong · · Score: 1

      Or a bottle of red wine sitting on the air conditioner to properly chill (cellar temp) for dinner.

      (One of those combined A/C and heater units, with a convenient horizontal grill. And I set it up at lunchtime, after the room had been cleaned - the maids were trained to turn the A/Cs off).

  21. I'm surprised the door locks weren't on the network. by WarlockD · · Score: 1

    If you're going through all the trouble of networking all the lights/TVs in the entire hotel, why not the door locks too?

  22. Tetris? by SpaghettiPattern · · Score: 2
    --

    I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
  23. Private VLAN by Bert64 · · Score: 1

    The solution is pretty simple: set up private VLANs so that only the ports in a given room can talk to each other, and any central server authenticates the connection based on the incoming port.
    Sure, the traffic is still in the clear, but so what? You would be able to MITM your own room and turn off your own lights, which you could have done anyway.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
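
The per-room isolation proposed in the comment above, sketched as a flow audit that flags Modbus/TCP connections leaving their own room (an added example, not part of the thread or of the hotel's system). Assumptions: the address scheme is generalised from the single pairing in the summary (room 714 at 172.16.207.14), and the switch-port names, the `central` label, the server address 172.16.0.10 and all flow records are constructed.

```python
import ipaddress

MODBUS_TCP_PORT = 502
CONTROL_NET = ipaddress.ip_network("172.16.0.0/16")

def room_to_controller_ip(room):
    """Assumed scheme, generalised from room 714 -> 172.16.207.14."""
    floor, unit = divmod(room, 100)
    if not (1 <= floor <= 55 and 1 <= unit <= 99):
        raise ValueError(f"room {room} does not fit the assumed scheme")
    return ipaddress.IPv4Address(f"172.16.{200 + floor}.{unit}")

def ip_to_room(ip):
    """Inverse mapping; None when the address is not a room controller."""
    addr = ipaddress.IPv4Address(ip)
    if addr not in CONTROL_NET:
        return None
    floor, unit = addr.packed[2] - 200, addr.packed[3]
    return floor * 100 + unit if 1 <= floor <= 55 and 1 <= unit <= 99 else None

def audit(flows, port_rooms):
    """Return (flow, reason) for each Modbus/TCP flow that crosses a room boundary."""
    findings = []
    for flow in flows:
        if flow["dport"] != MODBUS_TCP_PORT:
            continue  # only the unauthenticated control protocol is audited here
        owner = port_rooms.get(flow["switch_port"])
        target = ip_to_room(flow["dst"])
        if owner is None:
            findings.append((flow, "ingress port not in inventory"))
        elif owner == "central":
            continue  # the central server is allowed to reach every room
        elif target != owner:
            findings.append(
                (flow, f"port of room {owner} reached {flow['dst']} (room {target})"))
    return findings

# Constructed inventory: which room (or the central server) owns each switch port.
PORT_ROOMS = {"sw7/14": 714, "sw7/15": 715, "core/1": "central"}

# Constructed flow records, as a switch or flow collector might export them.
FLOWS = [
    {"switch_port": "sw7/14", "dst": "172.16.207.14", "dport": 502},  # own room
    {"switch_port": "sw7/14", "dst": "172.16.207.15", "dport": 502},  # neighbour
    {"switch_port": "sw7/14", "dst": "172.16.203.2", "dport": 502},   # other floor
    {"switch_port": "core/1", "dst": "172.16.207.15", "dport": 502},  # central server
    {"switch_port": "sw9/01", "dst": "172.16.207.14", "dport": 502},  # unknown port
    {"switch_port": "sw7/15", "dst": "172.16.0.10", "dport": 80},     # not Modbus
]

if __name__ == "__main__":
    for flow, reason in audit(FLOWS, PORT_ROOMS):
        print(flow["switch_port"], "->", flow["dst"], ":", reason)
```

On a network that enforces the private VLANs described in the comment, the audit returns an empty list; any finding means a room port reached a controller it does not own.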
  24. Three days later by Anonymous Coward · · Score: 0

    ...Matthew Garrett was killed in a hail of automatic weapons fire in an arrest gone wrong, when a federal multi-agency task force attempted to serve a warrant on his residence pertaining to alleged DMCA violations related to his recent posting of security holes that he found in a hotel's lighting system.

    When asked for comment, the task force leader said, "It's a bit of a shame, yeah. Someone on the team believed they saw a gun being pointed at them and fired a 30 round burst as a warning shot, and the rest of the team joined in. It was all over in a matter of seconds. Upon further investigation it was determined that the target was actually clutching a stuffed bear. As I said, it's a bit of a shame, but when we hear about someone trying to hack into a hotel lighting system, we just can't take any chances and mobilize immediately, and yeah, sometimes people get shot. I still think it's a win, because we at least got the address right this time."