A Linux programmer staying in a resort for a seminar has found, with almost no experimenting, that he managed to make use of the organization’s advanced Android-established room light controls to jump on the network and gain access to the environmental controls in every other room in the resort.

Garrett’s minor irritation at easy, functioning technology (light switches) being replaced by sophisticated and possibly exploitable OS-established technology led him to see whether there clearly was a way into the system.

android-resort-light switch-systemGarrett found that the environmental system was regulated over TCP by the generally-employed Modbus  protocol, developed by Modicon (now Schneider Electric) in 1979. Garrett subsequently used the Python- established PyModbus framework to start controlling his own room lights, and to make his own drapes close and open.

It then occurred to him that he could possibly do the same for any room in the resort. Interested as to the IP address controlling his room, he found that it was really based on his room number:

“And then I discovered something. My room number is 714. They wouldn’t, would they?
I mean yes clearly they’d.
It is essentially as awful as it could be – once I Had figured out the gateway, I really could get the control systems on each flooring and query other rooms to determine whether the lights were on or not, which strongly suggests that I could control them as well.”