Hacking the hotel through the TV

When Adam Laurie stays at hotels, he says he can hack his way around paying for premium TV channels, the minibar and phone calls.

What's more, by connecting his laptop to certain modern hotel TV systems, Laurie says he can spy on other guests. He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel TV.

To tease his fellow guests, he can also check them out of their rooms and set early wake-up calls via the TV.

Laurie can do all this because of what he calls the "inverted security model" of the systems. "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control," Laurie said in a presentation Saturday at the Defcon event for security professionals and enthusiasts here.

By plugging the hotel TV cable into a USB TV tuner connected to a laptop computer, Laurie can hack his way into the back-end systems controlling the entertainment and other convenience features found in modern hotels, he said in his presentation.

He found that many of those systems give access to information based on an ID associated with the room's TV. By changing that ID, he said, he was able to access information for other rooms. Many such hotel systems show guest bills, phone and room service records and offer video check-out.
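The design flaw described above, sketched from the defender's side as an added example (not code from Laurie's talk or from any hotel vendor): a back end that trusts the ID the client sends, next to one that requires a credential bound to the room. The folio data, key, and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: room number -> folio (all values invented).
FOLIOS = {
    "101": {"guest": "Guest A", "minibar": 12.50},
    "102": {"guest": "Guest B", "minibar": 0.00},
}
SERVER_KEY = b"constructed-demo-key"  # hypothetical secret held by the back end
DENIED = []                           # rejected requests, kept for review


def provision_token(room: str) -> str:
    """Credential issued once, when a TV/set-top box is installed in a room."""
    return hmac.new(SERVER_KEY, room.encode(), hashlib.sha256).hexdigest()


def folio_inverted(claimed_room: str):
    """Inverted model: the back end returns data for whatever ID it is sent."""
    return FOLIOS.get(claimed_room)


def folio_enforced(claimed_room: str, token: str):
    """Server-side control: the ID must match the credential bound to it."""
    expected = provision_token(claimed_room)
    if not hmac.compare_digest(expected, token):
        DENIED.append(claimed_room)   # an ID/credential mismatch is worth alerting on
        return None
    return FOLIOS.get(claimed_room)


if __name__ == "__main__":
    my_token = provision_token("101")      # credential of the box in room 101
    print(folio_inverted("102"))           # another room's folio is returned
    print(folio_enforced("102", my_token)) # None: the changed ID is rejected
    print(folio_enforced("101", my_token)) # own folio is still available
    print(DENIED)                          # ['102']
```

With the enforced variant, a credential recovered from one room's device still only unlocks that room's data, and every mismatched request leaves a record the operator can review.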

Laurie found that the hotel TV systems also have special controls for hotel employees. Housekeeping staff can report a room as clean, for example. Additionally, he found that some systems let room service staff input billing for the minibar, which he now controlled.

"Sometimes you can actually control physical devices," Laurie said. In one Holiday Inn hotel he found the system controlled an electronic lock on the minibar.

While staying at a Hilton hotel in Paris, Laurie automated his hack and placed a camera in front of the TV. He snapped pictures of every screen and found out the occupancy rate of the hotel, the names of the guests, what they were paying, where they were calling and how long they had been at the hotel. He showed the pictures at Defcon, but obscured the guest names.

