Today in "Internet of Things as Applied Demonology" news:

"I stayed in a hotel with Android lightswitches and it was just as bad as you'd imagine"

The hotel I'm staying at has decided that light switches are unfashionable and replaced them with a series of Android tablets. One was embedded in the wall, but the two next to the bed had convenient looking ethernet cables plugged into the wall. So. [...]

And then I noticed something. My room number is 714. The IP address I was communicating with was 172.16.207.14. They wouldn't, would they?

I mean yes obviously they would.

It's not as bad as it could be - the only traffic I could see was from the 207 subnet, so it seems like there's a separate segment per floor. But I could query other rooms on my floor to figure out whether the lights were on or not, which strongly implies that I could control them as well. [...] Hotels are happily deploying systems with no meaningful security, and the outcome of sending a constant stream of "Set room lights to full" and "Open curtain" commands at 3AM seems fairly predictable.

Previously, previously, previously, previously, previously.

Tags: , , , ,

18 Responses:

  1. Christian Vogel says:

    ...running plain unauthenticated ModBUS™ over TCP...

    Where you take a serial protocol for controlling industrial machinery from the eighties, and let it run over a TCP connection. Someone with pythonphobia (jwz?) could control the lights using...

    echo -e ":010300120008E2\r" | nc 172.16.1.2 502

    The age of the protocol is evident from the fact that it refers to binary signals as coils. As in relays. It's actually really a pleasure to use, for it's simplicity!

  2. rcn says:

    Doomed, indeed. I still can't see the rationale behind substituting simple appliances with overpriced and purpose-general hardware running a whole mess of an OS, but everybody seems to be doing it.
    I mean, Android is not even the right thing for a cell phone, let alone a switch.

    [It looks like some process is hogging all your cell RAM, do you want to take a walk though the list of running processes for a fun round of process killing?] No, I just want to make a call, if it's not much to ask.

    • James says:

      Is there a right thing?

    • gryazi says:

      I always figured they'd just kind of isolate the voice stuff from the 'playing with your pocket computer' stuff.

      And then I realized Android is a Google product, and even before they could get Full Evil about it, anything making voice traffic at least equally inconvenient to incurring more data traffic was still a definite win for their agenda in numerous ways. (They still try to do it for the radio itself, of course, for regulatory and not-being-banned-by-the-carriers reasons, but never extended that 'realtime' way of thinking through to the dialer.) Apple, meanwhile, met them in the same place through their usual blind faith in Control of the Software.

      Not that phones didn't rapidly become cameras, but it was weird to discover Android was originally intended for cameras. Could you imagine a pro photographer or videographer putting up with this shit?

      • jwz says:

        It's not like digital cameras have good or even reasonable UIs... The best anyone really says about them is that they've gotten used to it.

    • Cat Mara says:

      One of the arthouse cinemas in my town used to have Windows XP machines embedded in the walls beside each entrance to a screen (we saw them rebooting them one day). These machines ran a full-screen application consisting of a single label widget to display the name of the film. Nothing else.

      I should probably learn to let stuff like this go but I think I have some kind of residual childhood trauma from having grown up on 80s microcomputers, a trauma that causes me psychological pain whenever I see such a blatant waste of resources...

      • Celestial M Weasel says:

        I got a bus from the airport to off airport parking. They had a PC to run some software which alternated between two images (this is our URL and give us your keys). It rebooted every time the bus went over a bump.

  3. DC says:

    https://twitter.com/internetofshit

    https://favstar.fm/users/internetofshit

    And while we're here, how dumb is it that you need a sketch third party site to get someone's top tweets? Twitter is actin da fool

  4. mbanck says:

    About that "It's not as bad as it could be - the only traffic I could see was from the 207 subnet, so it seems like there's a separate segment per floor." part:

    "Oh wait if I guess at the gateway I can actually access all the other floors ¯\_(ツ)_/¯"
    -- https://twitter.com/mjg59/status/708553727515484160

    • Leonardo Herrera says:

      (edited: this previously claimed I could only access systems on my own floor, but it turns out that each floor is a separate broadcast domain and I just needed to set a gateway to access the others)

      So much fun!

  5. James says:

    Apologies if there has been a recent enough killdozer post on which this would be topical, but please be advised.

  6. Otto says:

    The obvious thing to do is to go sit on the roof of the building across the street and play Tetris.

    • James says:

      Tetris? Boring! How about specifying a software-defined radio non-tracking cellphone using modern copy protection hardware? I am convinced there is a way to do this without requiring kernel recompilation.

      • Otto says:

        ... Are you drunk? You are, aren't you. Lay off the gin, son.

        • James says:

          On the contrary, there is no reason that a software-defined cellphone interfacing with the APIs for radios, UIs, and multimedia devices should need any permissions that would require kernel recompilation, but if the marketing department doesn't need your contacts then I'm sure some joker in license management would be glad to require a symbolic kernel recompilation in return for trademark rights somewhere in the click-through that nobody reads.

  7. Mattias says:

    The time for city-wide scrolls is here!

  8. Martin says:

    It's hilarious how when this movie came out, this scene was totally unrealistic, but twenty years later it's completely believable.