Language Selection

English French German Italian Portuguese Spanish

Hacking the hotel through the TV

Filed under
Security

When Adam Laurie stays at hotels, he says he can hack his way around paying for premium TV channels, the minibar and phone calls.

What's more, by connecting his laptop to certain modern hotel TV systems, Laurie says he can spy on other guests. He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel TV.

To tease his fellow guests, he can also check them out of their room and set early wake up calls via the TV.

Laurie can do all this because of what he calls the "inverted security model" of the systems. "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control," Laurie said in a presentation Saturday at the Defcon event for security professionals and enthusiasts here.

By plugging the hotel TV cable into a USB TV tuner connected to a laptop computer, Laurie can hack his way into the back-end systems controlling the entertainment and other convenience features found in modern hotels, he said in his presentation.

He found that many of those systems give access to information depending on an ID associated with the room's TV. By changing that ID, he said that he was able to access information for other rooms. Many of such hotel systems show guest bills, phone and room service records and offer video check-out.

Laurie found that the hotel TV systems also have special controls for hotel employees. Housekeeping staff can report a room as clean, for example. Additionally, he found that some systems let room service staff input billing for the minibar, which he now controlled.

"Sometimes you can actually control physical devices," Laurie said. In one Holiday Inn hotel he found the system controlled an electronic lock on the minibar.

While staying at a Hilton hotel in Paris, Laurie automated his hack and placed a camera in front of the TV. He snapped pictures of every screen and found out the occupancy rate of the hotel, the names of the guests, what they were paying, where they were calling and how long they had been at the hotel. He showed the pictures at Defcon, but obscured the guest names.

Full Story.

More in Tux Machines

AV Linux 2018.4.12, Zenwalk Current-180419, Ubuntu MATE 18.04

Progress on Plasma Wayland for 5.13

In February after Plasma 5.12 was released we held a meeting on how we want to improve Wayland support in Plasma 5.13. Since its beta is now less than one month away it is time for a status report on what has been achieved and what we still plan to work on. Also today started a week-long Plasma Sprint in Berlin, what will hopefully accelerate the Wayland work for 5.13. So in order to kick-start the sprint this is a good opportunity to sum up where we stand now. Read more

First set of Bionic (sort-of) RC images for 18.04.

Adam Conrad of the Ubuntu Release Team is pleased to announce the first set of Bionic RC images for Ubuntu 18.04 LTS. Over the next couple of hours, builds for Bionic Final should be added to the tracker[1] for all flavours. The builds have some intentional omissions, but please do test them anyway. Known issues that will be addressed Sunday/Monday: – Volume label still set to Beta – base-files still not the final version – kernel will have (at least) one more revision Despite the above, please, please, please test your images. Do not wait for a “final” build to test, as that guarantees your final build will be broken. We need you testing now, iterating uploads to get your bugs fixed, filing bugs and escalating where you need help. Again: DO NOT DELAY, TEST NOW, FIX BUGS, FILE BUGS, ESCALATE FOR HELP. Happy testing everyone, and here’s hoping we push out another smooth and stress-free release on Thursday. … Adam Conrad Read more

Collaboration Events: Pakistan Open Source Summit, GNOME+Rust Hackfest, DataworksSummit Berlin

  • Pakistan Open Source Summit 2018 concludes [Ed: Not about software]
    A large number of attendees from industry, academia, government, and students participated in the summit. Portuguese Ambassador to Pakistan Dr Joao Sabido Costa was the chief guest at the opening ceremony while former Naval Chief Admiral (r) Asif Sandila graced the occasion as the chief guest at the closing ceremony.
  • ‘Open Summit key to create industry-academy linkages’
    Ambassador of Portugal to Pakistan Dr Joao Sabido Costa has said that events such as the Open Source Summit are excellent for spreading awareness and for creating industry-academia linkages and enhancement of the information technology. He stated this while addressing a concluding ceremony of the two-day informative ‘Pakistan Open Source Summit 2018’ attended by large number of people from industry, academia, government and students. Former naval chief Admiral (R) Asif Sandila co-chaired the concluding session. Dr Joao Sabido Costa said that the organisations should utilise open source platforms to build their IT infrastructures in future. To build open source culture in Pakistan, he recommended roadmap with future activities and timelines for spreading open source.
  • Madrid GNOME+Rust Hackfest, part 2
    Yesterday we went to the Madrid Rust Meetup, a regular meeting of rustaceans here. Martin talked about WebRender; I talked about refactoring C to port it to Rust, and then Alex talked about Rust's plans for 2018. Fun times.
  • DataworksSummit Berlin - Wednesday morning
    Data strategy - cloud strategy - business strategy: Aligning the three was one of the main themes (initially put forward in his opening keynote by CTO of Hortonworks Scott Gnau) thoughout this weeks Dataworks Summit Berlin kindly organised and hosted by Hortonworks. The event was attended by over 1000 attendees joining from 51 countries. The inspiration hat was put forward in the first keynote by Scott was to take a closer look at the data lifecycle - including the fact that a lot of data is being created (and made available) outside the control of those using it: Smart farming users are using a combination of weather data, information on soil conditions gathered through sensors out in the field in order to inform daily decisions. Manufacturing is moving towards closer monitoring of production lines to spot inefficiencies. Cities are starting to deploy systems that allow for better integration of public services. UX is being optimized through extensive automation.