Author: Louise Matsakis / Source: WIRED
The connected devices you think about the least are sometimes the most insecure. That’s the takeaway from new research to be presented at the DefCon hacking conference Friday by Ricky Lawshae, an offensive security researcher at Trend Micro. Lawshae discovered over two dozen vulnerabilities in Crestron devices used by corporations, airports, sports stadiums, and local governments across the country.
While Crestron has released a patch to fix the issues, some of the weaknesses allowed for hackers to theoretically turn the Crestron Android touch panels used in offices and hotel rooms into spy devices.
And the research offers an important reminder that your everyday devices aren’t the only potential hacker targets in your life.Never heard of Crestron before? That’s the point. The electronics company makes equipment designed for places like enterprise clients, conference rooms, hotels, and concert halls. They make the touch panels that your company may use to coordinate a meeting, or that you use in a hotel room to control the blinds and lights. Crestron devices are nondescript, and can be programmed to address any organization’s needs.
The company’s equipment is used by the likes of ExxonMobil, Boeing, Target, Twitter, Booz Allen Hamilton, and Microsoft, according to a document on the company’s website. Virginia’s state senators even use Crestron panels to cast votes on bills, says a case study the company released.
“I had never heard of Crestron before I started looking at these devices,” says Lawshae. “I had no idea who they were until I started looking at them, and now I see them everywhere I go.” He found over 20,000 other Crestron devices around the world connected to the open internet, by using IoT search engine Shodan. That includes at the Las Vegas International Airport, near where DefCon is held.
…
The post Hackable Touchscreens Could Spy on Hotel Rooms and Meetings appeared first on FeedBox.