Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hotel Experience With Android Lightswitches (dreamwidth.org)

Posted by BeauHD on from the insecure-home-automation-deployment dept.

jones_supa writes: The hotel in which Matthew Garrett was staying at, had decided that light switches are unfashionable and replaced them with a series of Android tablets. In his tour to the system, one was quickly met with a glitch message "UK_bathroom isn't responding." Anyway, two of the tablets had convenient-looking ethernet cables plugged into the wall, so MacGyver began hacking. He managed to borrow a couple of USB ethernet adapters, set up a transparent bridge and then stick his laptop between the tablet and the wall. Tcpdump showed traffic, and Wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and does not implement authentication. The Pymodbus tool could be used to control lights, turn the TV on/off, and even close and open the curtains. Then he noticed something. His room number was 714. The IP address he was communicating with was 172.16.207.14. They wouldn't, would they? Indeed, he could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that he could control them as well.

79 of 111 comments (clear)

  1. A solution in search of a problem.. by toonces33 · · Score: 1

    It just seems daft to me that this is just pointless complexity.

    1. Re:A solution in search of a problem.. by Locke2005 · · Score: 1

      The "problem" it is solving is energy efficiency; they can shut off everything in the room as soon as occupant leaves. Eventually it will become cheaper and more reliable.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:A solution in search of a problem.. by ericloewe · · Score: 1

      You're right. Maybe they could issue something to their guests that they can use to tell the system they're in the room. Maybe they could even be used to open the door!

      Oh, wait, you're not right after all. You're just reinventing the hotel keycard switch, but with added complexity and dubious benefits.

    3. Re:A solution in search of a problem.. by DavidRawling · · Score: 2

      That's a ~95% solved problem and has been for decades. Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.

      Worked in the 90's at least when I started traveling for work, and it wasn't just in big city hotels then. Perspex blocks don't have to be smudge-free, don't need extra power of their own, won't break down, are significantly cheaper, can't be trivially hacked to screw with every other room in the hotel - no this is a solution looking for a problem.

    4. Re:A solution in search of a problem.. by nnull · · Score: 1

      It already is cheaper and reliable, using just regular light switches. There are plenty of lighting control systems built for this purpose for hotels. This was just someone in management who thought it would be a cool idea to replace the light switches and whatever else with tablets, since those lighting controls have modbus TCP or Ethernet/IP where you can control it all from your computer. I mean, it's a cool idea, but needs more thought put into it for just serving as a light switch.

      And in most cases, this person could have hacked the lights in every room whether it was a regular light switch or a tablet, it wouldn't matter. I find a lot of hotels run their whole control system on the same LAN network. Every hotel I've been so far, I've found the lighting control system on the network, unsecured, default password (Hell, I find the security camera DVR's too!). A lot of the installers of these systems are general contractors and electrical contractors who don't know a thing about network security to even care. In fact, I find a lot of these contractors will ask them to open a port in their firewall and I can access these systems from outside! The management sees it work, they don't care about anything else.

      And by the way, these lighting control systems are now a requirement in certain states like California and a lot of countries, such as England.

    5. Re:A solution in search of a problem.. by Megane · · Score: 1

      I've done development work on commercial lighting systems, and the system as described in TFA sounds like a total and complete toy. Unencrypted Modbus over TCP? Android tablets? IP addresses that clearly indicate which room is which? Sheesh. But again, that was in London, and the systems I worked on were for the US market with no effort toward international sales other than a nod to Canada (California's energy regulations drive a of the designs in the US lighting control business), so they probably just don't have as many options available.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    6. Re:A solution in search of a problem.. by Megane · · Score: 1

      Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.

      Do you know that most hotels in the US (I know TFA was London) use cheap magnetic credit cards (with a different encoding) as keys? I haven't seen an actual room key since at least a decade ago. I don't think attaching a brick to the key card will go over well with hotel guests or even the hotels themselves. Also, you can't use the key to tell when the room is occupied. If there are two guests in the room, and one goes out with the key, are you going to shut off TV and lights for the one staying behind?

      In fact, there's an easier way to do it: when the housekeeping maid comes by for the daily room cleaning and finds it unoccupied, she can turn off the TV and lights!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    7. Re:A solution in search of a problem.. by Known+Nutter · · Score: 1

      Oh, wait, you're not right after all. You're just reinventing the hotel keycard switch, but with added complexity and dubious benefits.

      Most of the those switches activate when you stick anything at all into them...which totally defeats the purpose.

      --
      Beware of the Leopard.
    8. Re:A solution in search of a problem.. by vtcodger · · Score: 1

      Luddite!

      BTW, if I understand the situation correctly, the reason that we need IPv6 is so that we can all enjoy this and similar advanced technologies and can control our household lighting and curtains from anywhere on the planet.

      The 1960s are looking better and better.(excepting that Vietnam thing of course).

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    9. Re:A solution in search of a problem.. by Intron · · Score: 1

      I've stayed in a room where you had to put one of the cardkeys in a slot on the inside of the door to have power to the room.

      --
      Intron: the portion of DNA which expresses nothing useful.
    10. Re:A solution in search of a problem.. by Xolotl · · Score: 2

      You put the keycard (these days its more often chip based I think, but anyway) in the cradle by the door and it has the same effect (turn on/off thelights etc), usually except for one power socket which is used for the fridge. Two guests get two keycards so one is always in the room with them. Simple ... works this way across the world.

    11. Re:A solution in search of a problem.. by mikael · · Score: 1

      The Travelodge in Clapham Junction used (uses?) Ving card which have a random combination of 100 holes in them.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    12. Re:A solution in search of a problem.. by mikael · · Score: 1

      Imagine having scrolling messages displayed on the outside of the hotel as different combinations of room lights went on and off. Even more fun if they used those smart LED lightbulbs that can be pre-programmed with a particular color out of range of 4096.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    13. Re:A solution in search of a problem.. by ericloewe · · Score: 2

      "Totally" is a severe exaggeration. Smartasses are never easy to deal with, but they do solve the problem 99% of times.

      Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.

    14. Re:A solution in search of a problem.. by dsmatthews9379 · · Score: 1

      Unless you wish to turn the entire building into a digital disco ball.

    15. Re:A solution in search of a problem.. by nnull · · Score: 1

      I doubt the control system is a toy. Hubbell, for example, is no small crappy company, in the US and they make commercial devices that work unencrypted on Modbus over TCP. Many of the lighting control protocols are unencrypted and unsecured, as an industry standard! In fact, many manufacturers do the same, not just Hubbell.

      http://www.hubbell-automation....

      Many of these protocols come from a long history in industrial automation where every source was basically "Trusted". It's going to take years for it to change, as Allen Bradley, Siemens and many others don't want to change until more machines are hacked and people complain. There are some voices of complaints about these protocols regarding security, but not much, since anyone in this industry really doesn't care. They pretty much leave it to the person engineering or designing the system as a whole to think about security and thus you get a system as TFA.

      And for some reason, I don't think we'll see change soon as Siemens is now pushing unsecured IoT devices big time, because for some reason, I need to control my industrial machine from the beach.

    16. Re:A solution in search of a problem.. by nnull · · Score: 1

      We don't have to imagine it, it's already going to happen, really soon! You know it will.

    17. Re:A solution in search of a problem.. by guruevi · · Score: 1

      But doing it like that requires significant investment in extra wiring and zoning ordinances which depending on your electric code may not necessarily be either easy or cheap to implement/retrofit. Retrofitting some COTS "smart" switches on an Android would cost ~500-1000/room including labor, running new electric will cost at least 5-10x as much.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    18. Re:A solution in search of a problem.. by Balthisar · · Score: 1

      Hotels will usually give me an extra keycard when I ask, just so I can leave the room powered up when I'm not there. If I forget, a business card usually works well, too. Most of them don't have sensors; I'm assuming its a simple microswitch.

      --
      --Jim (me)
    19. Re:A solution in search of a problem.. by Misagon · · Score: 1

      I would be more concerned with the room lights being used for displaying giant messages on the hotel's facade with one room per pixel.
      Could be used to shame the hotel for sure.

      The end scene of the movie Hackers comes to mind.

      --
      "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    20. Re:A solution in search of a problem.. by beelsebob · · Score: 1

      But pretty much every one of those sensors doesn't work as advertised, and instead starts turning things off because you sat still in bed for too long.

    21. Re:A solution in search of a problem.. by Euler · · Score: 1

      I'm all for avoiding needless complexity, but here are the tangible benefits:
      1) Energy savings. You could ensure lights are not left on by housekeeping etc. when rooms are not occupied. Maybe a small benefit, but easy to automate.
      2) You can turn on lights when someone checks in to make the room more welcoming.
      3) Customers can turn off all the lights in the room from the bed. Maybe a bit of laziness, but helpful for someone not familiar with the layout of various light switches in the room.
      4) Safety: in a fire alarm, you can turn on all lights instantly to help people get out.
      5) Wiring plan: lower cost to build and maintain a room without hard-wired switches.
       

    22. Re:A solution in search of a problem.. by bjwest · · Score: 1

      Oh, wait, you're not right after all. You're just reinventing the hotel keycard switch, but with added complexity and dubious benefits.

      Most of the those switches activate when you stick anything at all into them...which totally defeats the purpose.

      They don't unlock the door unless the correct thing is stuck into them. Pretty simple to tie it into the same computer system.

      --

      --- Keep the choice with the user..
    23. Re:A solution in search of a problem.. by grahamsz · · Score: 1

      Wow, are they still around? I remember ving cards in the 90s but haven't seen one in probably 15 years.

    24. Re:A solution in search of a problem.. by Jack+Griffin · · Score: 1

      Also, most people don't just carry around random credit card-sized cards that they're willing to leave behind for a little added convenience.

      Are you sure about that? Every wallet or purse I've ever peaked into is full of pointless shit, mostly credit card sized. And every holiday I've ever been on we've always had a spare card to jam in the socket.

    25. Re:A solution in search of a problem.. by ericloewe · · Score: 1

      The vast majority of switches is dumb. Just a card-sized slot and a switch.

    26. Re:A solution in search of a problem.. by bjwest · · Score: 1

      I highly doubt that. Any hotel that used a lock that is nothing but a card shaped slot with a physical switch that activates with anything remotely card shaped is inserted is just asking for a major lawsuit, and would be sued into bankruptcy within the first year of instillation. The majority of card readers these days are magnetic strip, those that are not use an older keycard with holes in it that activate mechanical switches in the lock in a similar manner to the tumblers in a keyed lock. Newer locks may be chipped, but I've never seen one like that.

      --

      --- Keep the choice with the user..
    27. Re:A solution in search of a problem.. by ericloewe · · Score: 1

      Not the door locks, the room's master light switch.

      Door locks are a whole different thing that is only tangentially related.

    28. Re:A solution in search of a problem.. by Xolotl · · Score: 1

      Yep, I use a business card too, that so far has worked in all but one hotel.

  2. A timothy by any other name ... by edittard · · Score: 3, Funny

    The hotel in which Matthew Garrett was staying at

    He should check his bill in case they charged him twice.

    --
    At the bottom of the /. main page it says 'Yesterday's News'. Well they got that right.
    1. Re:A timothy by any other name ... by epyT-R · · Score: 1

      Oh. This guy? https://mjg59.dreamwidth.org/

      The one who forked the linux kernel in 'solidarity' with sarah sharp?

  3. Wow by RightwingNutjob · · Score: 1, Insightful

    See, this is what you get when you have wink-and-nod, everyone-gets-a-trophy education in the schools instead of teaching people not to be stupid by boxing them on the ears when they get out of line.

  4. Hotel Cheaped out. by Lumpy · · Score: 2

    If they used a REAL control system this would not be the issue. but instead they tried to do it as cheap as possible using consumer crap.

    Tablets at the light switches is insanely stupid as well. real automation lighting systems still have physical buttons at entryways and doorways for the lights.

    Whoever sold this system to the hotel needs to be outed and publicly shamed.

    --
    Do not look at laser with remaining good eye.
    1. Re:Hotel Cheaped out. by turbidostato · · Score: 1

      "If they used a REAL control system this would not be the issue."

      That's becoming interesting.

      Are you implying they were using an UNREAL control system? Kindof... I don't know... Ghost in the Shell's Section 9?

      "instead they tried to do it as cheap as possible using consumer crap."

      Ohh... I see! But, you know, that doesn't make it an unreal control system, but a very REAL one.

      "Whoever sold this system to the hotel needs to be outed and publicly shamed."

      You know what a free market is, don't you? It is not about the one that sells the thing -that's like leading your horse to water, but about the one that BUYS IT -the part about making it drink (caps locked to mimick your -obviously smart, style).

    2. Re:Hotel Cheaped out. by msauve · · Score: 4, Insightful

      "Whoever sold this system to the hotel needs to be outed and publicly shamed."

      No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:Hotel Cheaped out. by toonces33 · · Score: 1

      I wonder whether someone like the FSB is the one that is selling the thing. It could make eavesdropping on people so much easier.

        But as you say - the hotel was dumb enough to actually buy it.

    4. Re:Hotel Cheaped out. by omglolbah · · Score: 4, Insightful

      Sounds like they picked ModbusTCP since it is an incredibly easy standard to implement on very cheap devices (think 10 cent microcontrollers).
      Tons of existing devices support it too so not a bad choice from a technical perspective.. unless you care about security.

      Modbus has zero security, why would it? It was built to run on serial lines and the tcp-implementation is for all intents and purposes just using a tcp-socket instead of a serial line to chuck bytes over the line.

      It entirely relies on the physical security of the network.
      The same thing is also true for KNX/EIB-control which is used for building automation all over the world. The issue here is that what used to be secure by being obscure and inside sockets on the wall is now just being extended onto tablets with no thoughts about how people will poke around in the system.

      Having 'killed' a building by mistake (typoed a path....tripped all breakers in the building :p) via KNX, I know the lack of security being very real in 'live' environments.

      This is not at all new, it has just not been a focus for anyone until fairly recently.
      Google around for KNX hacks and you'll see plenty of evidence of the shitty systems which are considered "industry standard" for building automation. Sigh.

    5. Re:Hotel Cheaped out. by geoskd · · Score: 2

      If they used a REAL control system this would not be the issue.

      I can only assume that by "REAL control system" you mean industrial / commercial control system. There are two basic problems with that:

      First, The Modbus over TCP protocol *IS* the standard system for industrial controls systems, and has been for over 30 years. This is part of the problem with industrial control systems, and one of the key reasons why SCADA is immediately associated with security fail.

      Second, there are *no* proper control systems that are designed to display controls for end users that are both acceptable for customer facing interfaces, and reasonably priced. There are any number of engineering firms out there that will custom design a solution for you, and almost all of them would come up with a system similar to what TFA describes. The reason for that is because security is damn difficult. Because of what security has to accomplish, it has to be built into the very core of the systems design, but it has absolutely no affect on the operation of the system during "normal" use, so it is very easy to demonstrate a working system that has zero security, and the customer would not have any immediately obvious indication that the system has a flaw. There is no other part of the design requirements for a project like this where, parts of the requirements can be absent and the system still functions.

      --
      I wish I had a good sig, but all the good ones are copyrighted
    6. Re:Hotel Cheaped out. by fgouget · · Score: 2

      "Whoever sold this system to the hotel needs to be outed and publicly shamed." No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      I hope this is sarcastic because otherwise it sounds like you think every scam should be legalized and the blame put squarely on the victims.

    7. Re:Hotel Cheaped out. by nnull · · Score: 1

      This is actually in response to the market demand. The properly more engineered solutions do not exist and require far more engineering. There is a demand for more high tech solutions and there is a serious lack of products to meet those demands. And since no one wants to pay for any engineering anymore or "team of engineers" and idiotic management that pushes their vendors to the limits, you get stuff like this.

      And by the way, I've used tablets to build HMI screens in industrial areas that work great (Both stripped down Android or linux if I can get it on there), but I can tell you that it sure isn't insecure as this system is. This system could have easily been secured since Android offers you a lot of tools to do it.

    8. Re:Hotel Cheaped out. by Megane · · Score: 1

      Modbus over TCP may be the "standard" for "industrial controls systems", but it's not anywhere near the standard for commercial lighting control. BACnet is probably the most common standard, or at least the "lingua Franca" that most proprietary systems have a gateway for. There are also DALI, LonWorks, and DMX512 (mostly used for stage lighting)

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    9. Re:Hotel Cheaped out. by nnull · · Score: 1

      It's true. Anyone that works in industrial automation can attest how crappy everything is regarding security.

    10. Re:Hotel Cheaped out. by nnull · · Score: 2

      Lots of "Industry Standard" stuff that is just not right with the times and plenty of those people will argue against changing.

    11. Re:Hotel Cheaped out. by nnull · · Score: 1

      If the contractor is going to install this lighting control device with the default password anyways and on the same LAN network, what's the point?

    12. Re:Hotel Cheaped out. by adolf · · Score: 1

      DMX512 is no better, being a dumb multi-drop RD-485 serial bus with zero authentication.

      I admit that I lack knowledge of BACnet, DALI, or Lonworks, specifically but generally: Industrial control systems don't have authentication.

      The chances of the radio console(s) that your local public-safety agencies use of potentially having IP connectivity and default passwords is astonishingly good, for instance.

      I saw one instance of this in a town not far from where I live, where the radio system used IP addresses which were in a subnet documented in the manual, and the whole mess of it was cross-connected to the building's (simple) LAN, and where someone had connected an 802.11 access point named "NETGEAR" without even so much as WEP to attempt to keep passerby out.

      Toggling the lights and drapes in a hotel seems like child's play compared to mucking about with the operation of fire trucks and ambulances.

      --
      Kid-proof tablet..
    13. Re:Hotel Cheaped out. by thegarbz · · Score: 1

      If they used a REAL control system this would not be the issue.

      You mean a real control system, like a control system used a lot in industry and commercial settings?
      Such a control system that is most probably running a protocol like Modbus TCP?
      Is that the kind of control system you're talking about?

      This was a story about someone finding a way to access a Modbus TCP connection to control a building. This is very much not only a "real" control system, but it is also probably the single most widely used protocol for this kind of control in the world, and it's a protocol problem which has nothing to do with the control system.

    14. Re:Hotel Cheaped out. by thegarbz · · Score: 3, Interesting

      No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      They did their due diligence. It runs Modbus TCP. That's like an industry standard man. Everyone uses that. It must be good!

    15. Re:Hotel Cheaped out. by Lumpy · · Score: 1

      Bacnet is the standard for commercial lighting. Modbus has NEVER been used for lighting control in commercial.

      --
      Do not look at laser with remaining good eye.
    16. Re:Hotel Cheaped out. by Lumpy · · Score: 1

      Lack of serious products?

      Crestron, AMX, Lutron, Hubbell, Leviton ALL make this stuff that is not based on cheap-ass android tablets and half assed networking without any kind of security in place.

      And all of those companies have been in business longer than you have been alive. There are tons of "properly more engineered solutions" out there and they have been there for decades.

      --
      Do not look at laser with remaining good eye.
    17. Re:Hotel Cheaped out. by fgouget · · Score: 1

      Perhaps you should learn the difference between simple incompetence and scamming.

      You implied the salesman knowingly sold an insecure system when you said he "should win salesman of the year". Otherwise he was simply incompetent, the buyer was incompetent, and neither should win any prizes.

    18. Re:Hotel Cheaped out. by lsatenstein · · Score: 1

      If they used a REAL control system this would not be the issue. but instead they tried to do it as cheap as possible using consumer crap.

      Tablets at the light switches is insanely stupid as well. real automation lighting systems still have physical buttons at entryways and doorways for the lights.

      Whoever sold this system to the hotel needs to be outed and publicly shamed.

      The hotel is in the hotel business. They trust the electronic doors, and other security stuff to contractor. It is the contractor that should be liable, if some item was stolen from a room.

      --
      Leslie Satenstein Montreal Quebec Canada
    19. Re:Hotel Cheaped out. by msauve · · Score: 1

      "You implied the salesman knowingly sold an insecure system when you said he "should win salesman of the year".

      I did no such thing. He should win it simply for selling a costly, high tech, high support solution in place of a wall switch.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    20. Re:Hotel Cheaped out. by Jack+Griffin · · Score: 1

      No, they should win salesman of the year. The shaming should go to whoever at the hotel didn't do due diligence, and bought the system.

      Same goes for whoever is approving those smart elevator controls, you know the ones where the lift has no buttons, you type in your floor on a panel in the lobby, then get assigned a lift number? They are becoming more and more common and I always have a worse experience with them than the old fashioned up and down buttons with floor buttons in each lift.

  5. Screw control, monitoring more interesting... by SuperKendall · · Score: 4, Insightful

    If he can query the light status, why not polls every room every two minutes or so - and make a note of which rooms had been on, then were turned off implying the owners had left...

    Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.

    On a side note I can't really blame them for matching IP to room number, just from a trouble-shooting perspective... the real problem is lacking unique per-room authentication.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Screw control, monitoring more interesting... by thegarbz · · Score: 1

      Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.

      That depends on your hotel. Having "lived" in a few hotels (to the point where the concierge of one hotel gave me a house warming present when I left), I can tell you that during the day I didn't use the lights as it was bright enough, and at night while watching a movie or sleeping I didn't use the lights either.

      On the other hand walking down a hallway and seeing a couple walk out of the room is a far simpler way of knowing that a room is empty.

    2. Re:Screw control, monitoring more interesting... by Jack+Griffin · · Score: 1

      Nothing like being able to know a room will have belongings but is unoccupied to make the burglar's work easy.

      Because risking jail for stealing tourist's clothes is worth it for your average IT savvy crook....

    3. Re:Screw control, monitoring more interesting... by SuperKendall · · Score: 1

      I don't know whey you are stealing clothes when you could have laptops, iPads and jewelry.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    4. Re:Screw control, monitoring more interesting... by Jack+Griffin · · Score: 1

      I don't know whey you are stealing clothes when you could have laptops, iPads and jewelry.

      Have you ever stayed in a hotel? Most people will have their valuables on them, or if left in the room kept in a safe. I hardly think that renting a hotel room, which you have to present ID and credit card (sure you could fake that but...) only so you can hack the electrical control bus to try and work out when another guest is not in (maybe), so you can somehow break down their door, and pray they have something valuable lying around you can steal (that doesn't have GPS and tracking), and hope there's no cameras or security (which there usually is), is the best idea I've heard of.
      If you want to steal stuff, learn how to climb or abseil and come in through the window. It's a whole lot simpler.

  6. Uhh...no. by gruntspeak · · Score: 1

    MacGyver would have built a transparent bridge using mothballs and saliva, not usb adapters.

  7. Lights, cameras, ... by C3ntaur · · Score: 1

    I recently stayed in a hotel that provided a tablet in every room for accessing amenities, such as room service. It appeared to be equipped with a camera and microphone, as most tablets are. And I have little doubt the security at that hotel was as bad as what the poster described.

    --
    Loading...
    1. Re:Lights, cameras, ... by Locke2005 · · Score: 1

      Big Brother is watching you!

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Lights, cameras, ... by Intron · · Score: 1

      I recently stayed in a hotel that provided a tablet in every room for accessing amenities, such as room service. It appeared to be equipped with a camera and microphone, as most tablets are. And I have little doubt the security at that hotel was as bad as what the poster described.

      Does anyone know what hotel Erin Andrews is staying in?

      --
      Intron: the portion of DNA which expresses nothing useful.
  8. Re:I see VPN or Firewall in their future. by omglolbah · · Score: 1

    Cost most likely. Or an oblivious implementer.

  9. the reason for not having nice things by Anonymous Coward · · Score: 1

    This, exactly this, hacking into it, outing it as cheap crap, saying it's not secure, blah blah blah, keep living in your encrypted utopia and kill yourself yesterday for all our sakes.

    why does it have to be ten times the price this hotel already paid for? just fuck you guys, you're all just a bunch of lame ass chatterbugs, not even worthy of any goatse.

    have fun with it for a moment, let the hotel know about it, especially the owners of the hotel, and maybe just maybe, karma won't bite you in the electrical switches.
    and all you others here, keep on whining about it, it's your national pass time, though it only serves the war; go babelfish !

    [wdw]

    1. Re:the reason for not having nice things by james_gnz · · Score: 1

      ... keep living in your encrypted utopia and kill yourself yesterday for all our sakes. ... why does it have to be ten times the price this hotel already paid for? ...

      I'm guessing this was intended as hyperbole, and I don't know what the actual additional cost would have been for the hotel, although I expect a lack of security is common, and it may well have cost the hotel somewhat more to put some kind of security in place.

      Where some kind of security is common practice though, I don't think it need cost an awful lot more. Cars tend to come with locks as standard, and builders tend to put them in buildings. (Not necessarily great locks, but at least something.) Police may encourage people to ensure they use their locks, and insurance may not be available otherwise. This is widely accepted, and few people complain about the additional cost of locks, or deride their use.

      If some kind of security were standard in these sorts of set ups too, then I expect economy of scale would make it affordable. I don't think it ought to be any different from using locks. To me it just seems sensible.

  10. Re:I see VPN or Firewall in their future. by xtal · · Score: 1

    VLAN doesn't do much unless it's also enforced via a smart switch..

    --
    ..don't panic
  11. Indians by ArchieBunker · · Score: 1

    Guarantee this was dreamed up by someone from India.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Indians by smooth+wombat · · Score: 1

      And implemented by an American in a board room deciding who they need to fire next so they can make their quarterly bonus.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  12. Re:Welcome to the Internet of Shitty Things by Locke2005 · · Score: 1

    Agreed, we're going to be seeing problems caused by poor security in the IoT for the next decade or so. But then, WiFi was the same way (and still is).

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  13. Re:You could have make this much more fun and usef by toonces33 · · Score: 1

    I would like to use my device to simultaneously flush every toilet in the building. And then after having done that, then I would like to use my device to book a different hotel for the evening.

  14. Re:Not a control system by stooo · · Score: 1

    >>It's a slapdash bunch of crap stuck together
    That's the definition of a system.

    --
    aaaaaaa
  15. Because by Ol+Olsoc · · Score: 3, Insightful
    Those old fashioned light swtches were just too reliable.

    Welcome to the Internet of really gadamned stupid things.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  16. Re:not even wireless(!) by Megane · · Score: 1

    Except that from TFA you can tell that it used a wired Ethernet setup. Wireless is a dumb idea because hotels are infamous for crappy wireless internet, especially when full for a convention full of nerds. And if somehow the wireless encryption did get hacked, he could passively see everything. At least with Ethernet connected via switches, he couldn't passively monitor any other room's traffic.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  17. power shutdown in hotels by Anonymous Coward · · Score: 1

    In a lot of hotels in Europe, you have to shove your key card into a receptacle near the door which turns on the power to the room.
    (of course, most don't care what card you use, so if you want to leave the lights on when you leave, you use a keycard from some other place)
     

    1. Re:power shutdown in hotels by Bert64 · · Score: 1

      But most annoyingly, shutting off the power means i can't leave something charging in the room while i go out somewhere.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    2. Re:power shutdown in hotels by rpstrong · · Score: 1

      Or a bottle of rec wine sitting on the air conditioner to properly chill (cellar temp) for dinner.

      (One of those combined A/C and heater units, with a convenient horizontal grill. And I set it up at lunchtime, after the room had been cleaned - the maids were trained to turn the A/Cs off).

  18. I'm surprise the door locks weren' on the network. by WarlockD · · Score: 1

    If your going though all the trouble of networking all the lights/TV's in the entire hotel, why not the door locks too?

  19. Tetris? by SpaghettiPattern · · Score: 2

    So, eventually, was he able to play tetris with the hotel as display?

    --

    I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
  20. Private VLAN by Bert64 · · Score: 1

    The solution is pretty simple, setup private vlanning so that only the ports in a given room can talk to each other, and any central server authenticates the connection based on the incoming port.
    Sure the traffic is still in the clear but so what? You would be able mitm your own room and turn off your own lights, which you could have done anyway.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!