I'm amused by the use of Modbus. I worked on Modbus networking back in the 1980s at Modicon (a company that disappeared long ago that created the "standard"). Using a protocol invented before the internet to control devices on a semi-public network is insane.
The original Modbus was designed to communicate with factory devices controlled by logic controllers over serial and eventually over a custom token ring network. Modbus got moved to TCP at some point when I stopped paying attention. Modicon rejected TCP when I was there because the OSI model 7 layer network stack was going to be the next big thing.
I think if people actually knew the true extent of the debacle that industrial control protocols are, they would pass out. If you ever want nightmares, check out EtherNet/IP CIP protocol...
Of course, there are no security provisions whatsoever. If you can get a device on the LAN, you're golden. Every device, fully open to monitoring and control of every attached piece of equipment.
In the new world of inexpensive, battery-powered LoRaWAN to Ethernet bridges with tens of kilometers of range, I can't even begin to imagine the industrial carnage we're heading for. A sufficiently funded attacker could find ways to implant remote monitoring and control in virtually every facility where they can get a minimum-wage cleaning staff member hired. That means pretty much every facility (short of military, perhaps).
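To make the "no security provisions whatsoever" point concrete, here is an added example (not code from anyone in this thread) that parses Modbus/TCP frames and runs a simple defensive check over them. The MBAP header layout (transaction id, protocol id, length, unit id) and the function codes come from the public Modbus/TCP specification; note that nothing in the frame identifies or authenticates the sender, so the only thing a monitor can do is flag write requests from hosts that are not on an allowlist. The frames and IP addresses below are constructed for the example.

```python
import struct

# Modbus/TCP MBAP header: transaction id (2), protocol id (2), length (2), unit id (1).
# There is no field for a credential, signature or sender identity anywhere in the frame.
MBAP = struct.Struct(">HHHB")

# Function codes that change process state (public Modbus function codes).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Split a Modbus/TCP frame into its MBAP header and PDU fields."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = MBAP.unpack_from(frame, 0)
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    pdu = frame[MBAP.size:]
    # The MBAP length field counts the unit id byte plus the whole PDU.
    if len(pdu) != length - 1:
        raise ValueError(f"length field {length} does not match PDU size {len(pdu)}")
    function_code = pdu[0]
    return {
        "transaction_id": tid,
        "unit_id": unit,
        "function_code": function_code,
        "data": pdu[1:],
        "is_write": function_code in WRITE_FUNCTIONS,
    }


def audit_frames(frames, allowed_writers) -> list:
    """Return alert strings for malformed frames and writes from non-allowlisted hosts.

    frames: iterable of (source_ip, frame_bytes) as a capture tool would hand them over.
    allowed_writers: set of source IPs (e.g. the HMI/SCADA host) permitted to write.
    """
    alerts = []
    for src, frame in frames:
        try:
            msg = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append(f"{src}: malformed Modbus/TCP frame ({exc})")
            continue
        if msg["is_write"] and src not in allowed_writers:
            name = WRITE_FUNCTIONS[msg["function_code"]]
            alerts.append(
                f"{src}: {name} to unit {msg['unit_id']} from non-allowlisted host "
                f"(data={msg['data'].hex()})"
            )
    return alerts


# Constructed sample traffic (hypothetical addresses, not from a real network).
SAMPLE_FRAMES = [
    # Write Single Coil: tid=1, unit=1, coil 0x0013 set ON (0xFF00), from the SCADA host.
    ("10.0.0.5", bytes.fromhex("0001 0000 0006 01 05 0013 FF00".replace(" ", ""))),
    # Same write request, but from a host that should never be writing.
    ("10.0.0.99", bytes.fromhex("0002 0000 0006 01 05 0013 FF00".replace(" ", ""))),
    # Read Holding Registers 0x006B..0x006D from the same unknown host: read-only, no alert.
    ("10.0.0.99", bytes.fromhex("0003 0000 0006 01 03 006B 0003".replace(" ", ""))),
]

ALLOWED_WRITERS = {"10.0.0.5"}

if __name__ == "__main__":
    for alert in audit_frames(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print(alert)
```

The allowlist is host-based because that is all the protocol gives you to work with; it tells you nothing about who is behind a spoofed or compromised address, which is why the thread's suggestion of wrapping Modbus/TCP in IPsec (or otherwise keeping it off any semi-public network) is the real fix and this kind of check is only a detection layer.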
I recently went to a LoRaWAN workshop funded by my megacorp (a utility company). It felt like paying someone to try and sell you their stuff.
Anyway, what the LoRa did emphasize is that both the network layer and application layer are encrypted with different keys using AES. This means someone would have to compromise both layers to actually control the devices.
Buuut, given that both encryption keys are stored on the device, I bet someone will just walk up with a chip clip and read the keys right out of EEPROM and then the pretty lights will start.
Or they'll just hack the application servers. I've seen some really god awful pieces of software in use.
A vendor once told me "it's so easy to admin our device over the internet. Just go to 192.168..." And of course due to corporate politics we still bought that piece of shit.
Moteino (Arduino-based wireless dev platform) supports LoRa if anyone is interested in digging into some current sub-$10 ISM transceivers and their capabilities: http://lowpowerlab.com/moteino/#lora. It's also a great project to get started with Arduino if you've never worked with it before. Really solid documentation.
Same here - I used Modbus only a few years ago, as it worked well for reading analog signals from hydroelectric turbine monitors into a Linux box that converted them to digital for reporting. I cannot imagine actually using it on a modern network.
Could be. I just spent some time on the modbus.org site. I haven't looked in a while. There is pretty much no mention of security though they claim that Modbus over TCP is an internet protocol.
Given a completely static authentication realm like the rooms of a hotel, Modbus over TCP over IPSec would work just fine, and be transparent to the application. That sort of sounds like a good reason to be using Linux (Android) controllers in the first place; maybe they just forgot to enable it (or let go the installing contractors before their job was done, as soon as everything seemed to be "working.")
Just because it's CAN doesn't mean it's actually air gapped. If there is a Linux box on one end for SCADA use or similar, then the path is IP -> Linux spl01t -> SocketCAN