Language Selection

English French German Italian Portuguese Spanish

Hacking the hotel through the TV

Filed under
Security

When Adam Laurie stays at hotels, he says he can hack his way around paying for premium TV channels, the minibar and phone calls.

What's more, by connecting his laptop to certain modern hotel TV systems, Laurie says he can spy on other guests. He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel TV.

To tease his fellow guests, he can also check them out of their room and set early wake up calls via the TV.

Laurie can do all this because of what he calls the "inverted security model" of the systems. "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control," Laurie said in a presentation Saturday at the Defcon event for security professionals and enthusiasts here.

By plugging the hotel TV cable into a USB TV tuner connected to a laptop computer, Laurie can hack his way into the back-end systems controlling the entertainment and other convenience features found in modern hotels, he said in his presentation.

He found that many of those systems give access to information depending on an ID associated with the room's TV. By changing that ID, he said that he was able to access information for other rooms. Many of such hotel systems show guest bills, phone and room service records and offer video check-out.

Laurie found that the hotel TV systems also have special controls for hotel employees. Housekeeping staff can report a room as clean, for example. Additionally, he found that some systems let room service staff input billing for the minibar, which he now controlled.

"Sometimes you can actually control physical devices," Laurie said. In one Holiday Inn hotel he found the system controlled an electronic lock on the minibar.

While staying at a Hilton hotel in Paris, Laurie automated his hack and placed a camera in front of the TV. He snapped pictures of every screen and found out the occupancy rate of the hotel, the names of the guests, what they were paying, where they were calling and how long they had been at the hotel. He showed the pictures at Defcon, but obscured the guest names.

Full Story.

More in Tux Machines

Introducing Gthree

I’ve recently been working on OpenGL support in Gtk+, and last week it landed in master. However, the demos we have are pretty lame and are not very good to show off or even test the OpenGL support. I’ve looked around for some open source demos that used modern GL that we could use, but I didn’t find anything that we could easily use. What I did find though, was a lot of WebGL demos that used three.js. This looked like a very nice open source library for highlevel 3d rendering. At first I had some plans to bind OpenGL to gjs so that we could run three.js, but this turned out to be a hard. Instead I started converting three.js into C + GObject, using the Gtk+ OpenGL support and the vector/matrix library graphene that Emmanuele has been working on recently. Read more

Swiss crowdfund pays for signed PDFs LibreOffice

In just three days, the Swiss open source community Wilhelm Tux reached its crowdfunding target of 10,000 CHF (about 8000 euro) to add support for digital signatures in PDF documents. The feature will be added to LibreOffice, a free and open source suite of office productivity tools. The project is awarded to Collabora, an open source IT service provider, which will deliver the new functionality in April. Read more

Tumbleweed, Factory rolling releases to merge

“With the release of openSUSE 13.2 due in November, we realised this was a perfect opportunity to merge our two openSUSE rolling-releases together so users of Tumbleweed can benefit from the developments to our Factory development process over the last few years,” said Richard Brown, Chairman of openSUSE board. “The combined feedback and contributions from our combined Tumbleweed and Factory users should help keep openSUSE rolling forward even faster, while offering our users the latest and greatest applications on a stable rolling release.” Read more

Fedora 21 Beta to slip

Today at Go/No-Go meeting it was decided to slip Fedora 21 Beta release as we did not have release candidate (RC) available in time. However we will try one day slip. Read more