Black Hat: Researcher demonstrates how he controlled room devices in luxury hotel

Share this article:
Talk stresses IoT concerns as today's problems
An insecure home automation protocol allowed the hacker to control room amenities, like lights, TVs and temperature settings.

At a Black Hat 2014 session, one hacker revealed how he was able to control basic amenities in a luxury hotel – and why the hospitality industry must update its security policies to take into consideration Internet of Things threats.

On Wednesday afternoon, Jesus Molina, a San Francisco-based security consultant, detailed his findings at a talk called “Learn How to Control Every Room at a Luxury Hotel Remotely.”

While staying at the St. Regis Shenzhen five-star hotel in China on a business trip, Molina discovered that he could control room devices in over 200 rooms, which were managed by an iPad app called “digital butler” available to all guests.

By reverse engineering an insecure home automation protocol called KNX/IP (which is used widely in China), Molina was able to switch on a light bulb in his own hotel suite. From there, he determined that other room features, like television control, opening and closing blinds and temperature settings, were in danger of being commandeered as the iPad was installed in each guest's room. 

Molina revealed that it was easy enough to write a script for the remote control of numerous room devices, since device KNX addresses were associated, or sequential, with room IP addresses. In addition the KNX automation system was insecure, sending traffic over an open wireless network.

During the session, he said that he “did not hack” the automation system, but simply “abused” the KNX protocol, which was created back in the early 90s.

Ahead of Molina's Black Hat talk, a St. Regis spokesperson told the South China Morning Post last week that it had “temporarily suspended the control system of the in-room iPad remote controls for system upgrading,” but that Molina's claim that he took over the automation system was “unsubstantiated.”

During the Wednesday session, Molina played a video of himself making a light in his own room come on using the discussed methods.

He also stressed that the KNX protocol (considered an open standard) was only available for download for €1,000 online when he searched for it, and that the information should be “open” to the research community for future testing.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.