LAS VEGAS--When Adam Laurie stays at hotels, he says he can hack his way around paying for premium TV channels, the minibar and phone calls.
What's more, by connecting his laptop to certain modern hotel TV systems, Laurie says he can spy on other guests. He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel television set.
To tease his fellow guests, he can also check them out of their room and set early wake-up calls via the TV.
Laurie can do all this because of what he calls the "inverted security model" of the systems. "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control," Laurie said in a presentation Saturday here at the Defcon event for security professionals and enthusiasts.
By plugging the hotel TV cable into a USB TV tuner connected to a laptop computer, Laurie can hack his way into the back-end systems controlling the entertainment and other convenience features found in modern hotels, he said in his presentation.
He found that many of those systems give access to information depending on an ID associated with the room's TV. By changing that ID, he said that he was able to access information for other rooms. Many such hotel systems show guest bills, phone and room service records and offer video check-out.
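The ID-based access described above, next to a back end that verifies the ID itself, as an added example that is not from Laurie's presentation or any vendor's code. The folio data, per-set keys, and all function and class names are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: guest folios keyed by room/terminal ID.
FOLIOS = {
    "101": {"guest": "Guest A", "balance": 212.40},
    "102": {"guest": "Guest B", "balance": 87.15},
}
# Hypothetical per-set secrets provisioned when each TV is installed.
SET_KEYS = {"101": b"constructed-key-room-101",
            "102": b"constructed-key-room-102"}


def folio_inverted(claimed_id):
    """Inverted model: the back end returns whatever the claimed ID asks for."""
    return FOLIOS.get(claimed_id)


def sign_request(terminal_id, nonce, key):
    """Tag a set computes over its own ID and a fresh nonce."""
    msg = f"{terminal_id}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Backend:
    """Back end that checks the claimed ID against the key it holds for it."""

    def __init__(self):
        self.seen = set()  # (terminal_id, nonce) pairs already accepted

    def folio(self, terminal_id, nonce, tag):
        key = SET_KEYS.get(terminal_id)
        if key is None:
            return None  # unknown terminal
        expected = sign_request(terminal_id, nonce, key)
        if not hmac.compare_digest(expected, tag):
            return None  # ID was changed without the matching key
        if (terminal_id, nonce) in self.seen:
            return None  # replayed request
        self.seen.add((terminal_id, nonce))
        return FOLIOS[terminal_id]
```

The check only decides what the back end will answer; it does nothing about content that is streamed to every room regardless of who asked.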
Laurie found that the hotel TV systems also have special controls for hotel employees. Housekeeping staff can report a room as clean, for example. Additionally, he found that some systems let room service staff input billing for the minibar, which he now controlled.
"Sometimes you can actually control physical devices," Laurie said. In one Holiday Inn hotel he found the system that controlled an electronic lock on the minibar.
While staying at a Hilton hotel in Paris, Laurie automated his hack and placed a camera in front of the TV. He snapped pictures of every screen and found out the occupancy rate of the hotel, the names of the guests, what they were paying, where they were calling and how long they had been at the hotel. He showed the pictures at Defcon, but obscured the guest names.
Part of Laurie's hack is simple. He found that premium channels are actually being broadcast all the time; the TV just can't tune into them until the guest pays. If someone brings in a TV--the laptop and USB TV tuner will do fine--and connects it, they're set.
It gets harder from there. Changing the ID of the TV requires some skill, as does finding the room service billing codes. The systems use codes entered on the TV remote. So Laurie carries around an infrared device that he connects to his laptop. He wrote a program that sends codes to the TV and in about 30 minutes finds the relevant ones.
And the situation isn't getting better. "They are starting to do things like allowing you to put credit card numbers in through the TV," Laurie said. Also, he said, some of the makers of these hotel systems are looking at adding Webcams, perhaps to let people chat over the Internet.
This is not new; I often brought a custom remote control or my PDA to hotel rooms. Most hotels use a CATV converter that simply restricts what channels you can go to. By using a universal remote you can change to these unlisted channels to see Pay TV and folios of other people.
The author is correct. These systems are very rudimentary and do not use encryption or non-standard signaling. They are modified CATV systems for the most part. Some newer hotels are using broadband modems connected to a scale in the mini-bar to report usage to the front desk. The cable system in a hotel room provides a wealth of (shared) data.
As a longtime hacker I have hacked the electronic door access systems and the Premium Television services in hotels as well for personal enjoyment. I think hotels need to take a more serious look at security now that portable computers and electronics are more mainstream now. These non-proprietary technologies are no longer running in closed circuit isolation.
Although cable TV is rumoured to be secure, a recent hacking of cable TV happened over here in Belgium. A Belgian TV celebrity got his television show hacked while he was covering the recent Steve Jobs speech. By chance it happened to be that he was recording his own private show at home and thus could register the successful hacking TV even though the studios swear the hacking did not occur at their premises. Here's a digitized version: http://www.brice.org/wp-content/movies/jt_pc_mac.mov He's still searching for the culprits and how they did it technically.
But I also will say that's d^^ stupid of the hotels to have the TVs networked like that.