Nathan J. Lichtenstein is a Senior Network Engineer at Vandis; he is a critical player in ensuring that our clients' network infrastructure needs are met, whether on-premise or in the cloud. Recently, Nathan headed out on vacation to Las Vegas, but taking an engineer out of the office doesn't quell curiosity; he quickly discovered that the Casino's network security was less than ideal.
With my out of office set and my clients tucked away for the week, I headed on vacation for some much-needed rest, relaxation, and gambling.
While walking the casino floor, cooling off between my consistent losing streaks, my wireless was constantly dropping in and out. As I tried to reconnect, I noticed the RF space was littered with dozens of wireless networks, all with very similar SSIDs.
Looking around the casino, I noticed that about a third of the table games around me had free-standing digital LCD signs on them displaying various game parameters. Curiosity got the best of me, and a quick Google search turned up a PDF quick start guide for an LCD manufactured by Carmanah Signs.
A scroll of the document turned up a default password listed on page two. I again picked a random network, entered the password, and was immediately connected. A quick LAN scan using the free Network Utility app for iPhone showed only one other device on the ad-hoc network I had just joined.
I threw the IP address into my browser and, to my shock and delight, was immediately in full control of one of the table signs. I could change the name of the game, the minimum bet, the maximum bet, and a whole host of other device settings.
After poking around in the device, I found a non-intrusive identification function - pressing the button would cause the sign's backlight to flash seven times subtly. I gave it a tap and watched a barely perceptible flicker go off in front of me. It was a fun exercise and was as far as I was willing to go with my new found powers.
Even while on vacation, I'm still a solution-focused engineer. Let's think about what should be done to improve this setup.
Seeing that there is no built-in authentication provided by the manufacturer for individual signs, at a bare minimum the wireless passwords should be changed on each sign. Still, having to deal with each sign on an ad-hoc basis is not ideal so let's think bigger.
Security and manageability should be the name of the game. Let's set up a hidden SSID, secure it (WPA only per the full manual), lock down the SSID even further with a MAC address access control list, and wall it off from everyone but a subset of consoles.
Taking the steps above will lock the devices down the best they can be, considering their design weaknesses, and enable centralized management of the signs.
Fortunately for this casino, changing the displayed information on the signs won't get a malicious actor too far; it'll inevitably cause a headache for the pit boss, though.
Engineers like Nathan help Vandis to build robust security solutions without compromise. For more information on Vandis' offerings, be sure to reach out for a free consultation.