Imagine the following situation. You arrive at your hotel. And not just any hotel, no. A gorgeous 5-star hotel that occupies the top 28 floors of a 100-storey skyscraper. You enter your room and find a tablet with an app that lets you control the room temperature, lights, TV and even the blinds.
You’d probably be very surprised and also amazed by the latest technological developments. A hotel where the Internet of Things has finally become a reality: home automation at your fingertips! In this scenario, if, for example, something started to malfunction in your room, you’d probably think it is just a system error. But what if it wasn’t? Maybe a hacker has just taken control of your room…
Traveling in luxury
The hotel we have just described is real, as real as the iPad 2 that guests find in their rooms. And yes, the hacker who managed to take control of this hotel’s rooms is also real.
His name is Jesús Molina, a San Francisco-based security consultant from Spain who, during a stay at the beginning of the year in Shenzhen, a Chinese city located approximately 50 minutes away from Hong Kong, discovered he could take control of every single room in his hotel.
This hotel is none other than the St. Regis Shenzhen, a luxury 5-star hotel that provides guests with an iPad 2 to control features of their rooms.
As explained by Molina at this year’s Black Hat convention, one of the world’s largest computer security events, he managed to control room devices in over 200 rooms.
Hacking without bad intentions
Molina limited his tinkering to turning on and off various “Do Not Disturb” lights in hallways, but claims that a hacker could take control of virtually every appliance in the hotel remotely, and the attacker wouldn’t even need to be in the same city, or country, as the hotel.
The deployment of the room automation system used by the hotel contained a flaw that could allow an arbitrary attacker to control the lights, TVs, temperature, music and even the automated blinds in every single room.
The problem stemmed from the fact that the hotel’s room automation system was based on KNX, an outdated, insecure standard from the 1990s. That, plus the fact that all devices were connected to the same Wi-Fi network that guests connect to, allowed Molina to write a script to potentially control every one of the hotel’s rooms.
The worrying thing is that a hacker with malicious intent could take advantage of a flaw such as this to perpetrate actions much more dangerous than Molina’s innocent manipulation. For example, raising the temperature of a room where elderly people sleep to 40 degrees Celsius in the middle of the night might have fatal consequences.
And not only that: Molina discovered that it wasn’t even necessary to be connected to the hotel’s Wi-Fi network to access its automation system. In fact, any hacker could access it from anywhere in the world, as the network didn’t use device authentication controls. In other words, it was possible to hack into the hotel’s network without having to use the iPads provided by the hotel.
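An added example (not from the original article or from Molina's talk): a defender-side check for the condition described above, automation traffic arriving from the guest network from hosts other than the room tablets. It assumes the deployment speaks KNXnet/IP on UDP port 3671; the subnet, addresses, allow-list and sample datagrams are constructed.

```python
import ipaddress
import struct

KNXNET_IP_PORT = 3671  # IANA-registered UDP port for KNXnet/IP (assumed transport)
# A few KNXnet/IP service type identifiers, enough to label what was seen.
SERVICES = {
    0x0201: "SEARCH_REQUEST",
    0x0205: "CONNECT_REQUEST",
    0x0420: "TUNNELLING_REQUEST",
    0x0530: "ROUTING_INDICATION",
}

def parse_knxnet_ip(payload: bytes):
    """Return the service name if payload starts with a valid KNXnet/IP header, else None."""
    if len(payload) < 6:
        return None
    hdr_len, version, service, total_len = struct.unpack("!BBHH", payload[:6])
    # Fixed header: length 0x06, protocol version 0x10, total length covers the datagram.
    if hdr_len != 0x06 or version != 0x10 or total_len != len(payload):
        return None
    return SERVICES.get(service, f"UNKNOWN_0x{service:04X}")

def flag_guest_knx(datagrams, guest_net, allowed_sources):
    """Return (source, service) for KNXnet/IP datagrams from guest hosts not on the allow-list."""
    guest = ipaddress.ip_network(guest_net)
    alerts = []
    for src, dst_port, payload in datagrams:
        if dst_port != KNXNET_IP_PORT:
            continue
        service = parse_knxnet_ip(payload)
        if service is None:
            continue  # something else on the port, not KNXnet/IP
        if ipaddress.ip_address(src) in guest and src not in allowed_sources:
            alerts.append((src, service))
    return alerts

# Constructed sample capture: (source IP, destination UDP port, payload).
# Bodies after the 6-byte header are zero padding, not real KNX telegrams.
SAMPLE = [
    ("10.20.0.11", 3671, bytes.fromhex("06100201000e" + "00" * 8)),  # room tablet
    ("10.20.0.57", 3671, bytes.fromhex("0610042000080000")),         # guest laptop
    ("10.20.0.57", 53, b"\x12\x34\x01\x00\x00\x01"),                 # unrelated DNS
    ("10.20.0.99", 3671, b"not-knx!"),                               # wrong protocol
]

if __name__ == "__main__":
    for src, service in flag_guest_knx(SAMPLE, "10.20.0.0/16", {"10.20.0.11"}):
        print(f"ALERT: {service} from non-tablet guest host {src}")
```

An IP allow-list only detects; it does not authenticate devices, so the underlying fix remains separating the automation network from guest Wi-Fi.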
A top-flight hacking discovery
Additionally, security researcher Rubén Santamarta announced another worrying discovery during his talk at the Black Hat security conference. This hacker from the Spanish city of León claimed to have found a way to interfere with aircraft avionics via a vulnerability in the on-board Wi-Fi signal.
Representatives from the companies that could be affected by this vulnerability have quickly downplayed the risk of cyber-hacking, stating that the flaw does not pose any threat to passengers’ security.
Nevertheless, it is clear that the Internet of Things is here to stay, albeit with communication protocols that were not initially designed for it and may pose clear dangers.