Many new hotels, especially those in Asia, have iPads or Android-powered tablets that you can use to control pretty much every aspect of the room, from the TV channels you watch to the room temperature.
Now, it seems that, at least in the case of St. Regis Shenzhen, the wireless systems that were used to control the comfort functions used a very hackable protocol. This enabled one “black hat” hacker to gain access to and, if he wished, control these functions in every room of the hotel, all from a single device.
You can read a write-up about this in the VentureBeat article here.
Here’s an excerpt from the article:
Molina stayed at the five-star St. Regis hotel in Shenzhen, China. In the room, he found an iPad. It controlled all of the features of the room, such as the drapes, temperature, television, and lights. He investigated the device and found he could easily hack it.
“I controlled 200-plus rooms of a five-star hotel by abusing an insecure home automation protocol,” Molina said.
The iPad was open to inspection and tampering. The automation protocol was not secure. Molina discovered that the system used software known as KNX/IP. Created in 1990, KNX is a popular building automation protocol in China and Europe.
As to what he learned, Molina said, “Protocols and security policies cannot be an afterthought. Guest security cannot be an afterthought.”
It seems these days hotels are rushing into technology without looking at all angles, including security and privacy. It could be quite embarrassing to a property or a chain if someone abused this type of security hole when VVIPs are staying in house.
What might happen when hotels start to let smartphones work as your room key as well? Does anyone really think that these are secure and nobody could break into them?
Given the type of attention, or lack thereof, paid to the IT infrastructure in many hotels, these security issues and subsequent problems will become more prevalent.