Language Selection

English French German Italian Portuguese Spanish

Hacking the hotel through the TV

Filed under
Security

When Adam Laurie stays at hotels, he says he can hack his way around paying for premium TV channels, the minibar and phone calls.

What's more, by connecting his laptop to certain modern hotel TV systems, Laurie says he can spy on other guests. He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel TV.

To tease his fellow guests, he can also check them out of their room and set early wake up calls via the TV.

Laurie can do all this because of what he calls the "inverted security model" of the systems. "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control," Laurie said in a presentation Saturday at the Defcon event for security professionals and enthusiasts here.

By plugging the hotel TV cable into a USB TV tuner connected to a laptop computer, Laurie can hack his way into the back-end systems controlling the entertainment and other convenience features found in modern hotels, he said in his presentation.

He found that many of those systems give access to information depending on an ID associated with the room's TV. By changing that ID, he said that he was able to access information for other rooms. Many of such hotel systems show guest bills, phone and room service records and offer video check-out.

Laurie found that the hotel TV systems also have special controls for hotel employees. Housekeeping staff can report a room as clean, for example. Additionally, he found that some systems let room service staff input billing for the minibar, which he now controlled.

"Sometimes you can actually control physical devices," Laurie said. In one Holiday Inn hotel he found the system controlled an electronic lock on the minibar.

While staying at a Hilton hotel in Paris, Laurie automated his hack and placed a camera in front of the TV. He snapped pictures of every screen and found out the occupancy rate of the hotel, the names of the guests, what they were paying, where they were calling and how long they had been at the hotel. He showed the pictures at Defcon, but obscured the guest names.

Full Story.

More in Tux Machines

Is Ubuntu moving away from .deb packages? Here is the complete story

Canonical loves to shake things up. After introducing Unity, HUD, Mir, Click and Snappy the sponsor of Ubuntu is now contemplating moving away from just .deb based desktop and adopting its own Snappy. Read more

Can funding open source bug bounties save Europe from mass-surveillance?

The report also suggests promoting open-source software as a way to build resilience to surveillance, which could be achieved by funding audits of important open-source software. Among several products it highlights is disk encryption software, TrueCrypt, which was recently subjected to a crowd-funded audit that was able to rule out the existence of NSA backdoors in the product. “TrueCrypt is a typical example of a problem of the commons: worldwide use of software package was probably dependent on two or three developers,” the study notes to highlight why funding open source projects may be valuable. Read more

Fedora 23 Release Schedule Published, the Distro Could Arrive on October 27

Now that the Beta version of the Fedora 22 Linux operating system is available for download and testing, the Fedora developers are discussing plans for the next release of the distribution, Fedora 23. Read more

Debian 8 and Mageia 5 RC Released Over the Weekend

What an exciting weekend that just passed. First up, the long-awaited Debian GNU/Linux 8.0 "Jessie" was released in live and traditional installation media. Elsewhere, Mageia 5 Release Candidate was released with UEFI support and other installation improvements. In addition, LibreOffice 4.3.7 was released Saturday as well. Read more