According to VentureBeat, this one guest was able to hack into every room of St. Regis Shenzhen hotel in China.
Here’s what the story says, Molina stayed at the 5-star St. Regis hotel in Shenzhen, China. In the room, he found an iPad. It controlled all of the features, such as the drapes, temperature, television, and lights. He investigated the device and found he could easily hack it.
“I controlled 200-plus rooms of a 5-star hotel by abusing an insecure home automation protocol,” Molina said.
The iPad was open to inspection and tampering. The automation protocol was not secure. Molina discovered that the system used software known as KNX/IP. Created in 1990, KNX is popular building automation protocol in China and Europe.
The iPad sent information to the KNXNet/IP router. In turn, that device send instructions to lightbulbs, TVs, and other things. Because it had no security, Molina could see that he could figure out the Internet protocol addresses for each room and the devices in it. To verify his information, he switched hotel rooms.
The first room he moved to was beautiful, but it had no iPad. So he asked to be moved again. He inferred the pattern for the addresses for every device based on the changes from room to room. Then he figured out how to send commands on the network and sent them. He filmed himself turning on the lights in a room in another part of the hotel. He also sent a signal, which he called a “heartbeat,” that verified to him that he could control every room in the hotel.
“They have taken steps to modify the policy so it cannot be done in other hotels,” he said. “We had some tension. I had a lawyer. It turned out happy.”
“If I were able to control every device in your hotel room, will you move to another hotel tonight?”
Hotels need to take pre-caution when installing these type of devices to prevent something like this from happening.
What are your thoughts on this?