Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Wireless Networking

How a Security Researcher Took Over a Hotel's IoT Devices (zdnet.com) 36

"The moment you network IoT and hand over control to third parties, you may also give individuals the keys to a digital kingdom — and the ability to cause mischief, or worse," writes ZDNet.

For example, at a hotel where guests control the devices in their room with an iPod Touch... Speaking at Black Hat USA, Las Vegas, security consultant Kya Supa from LEXFO explained how a chain of security weaknesses were combined and exploited to gain control of rooms at a capsule hotel, a budget-friendly type of hotel offering extremely small — and, therefore, cozy — spaces to guests, who are stacked side-by-side... A neighbor, "Bob," kept waking Supa up by making loud phone calls in the early hours of the morning. While Bob had agreed to keep it down, he did not keep his promise — and the researcher set to work since he needed his sleep, especially during his vacation. The first thing Supa did was to explore his room, finding an emergency light installed for safety reasons; a Nasnos automaton center for use in controlling products in case the iPod Touch was lost; an electric motor used to manage the incline of the capsule's bed; and a Nasnos router, hidden in the wall.

If you connected to the router via a smartphone, it was then possible to control other devices on the network, and this was the setup the hotel chose to use... Supa found that two networks were connected — the hotel Wi-Fi and the router. To retrieve the router key, Supa targeted WEP, a protocol that has been known to be weak for years. Access points, each being one of the bedrooms, were found. Supa inspected the traffic and found weak credentials in place — "123" — and you can guess the rest...

By using an Android smartphone, the iPod Touch, and a laptop, the researcher created a Man-in-The-Middle (MiTM) architecture and inspected the network traffic. No encryption was found and he created a simple program to tamper with these connections, allowing the researcher to seize control of his bedroom through his laptop... Now that he could "control every bedroom," and Bob was still there, Supa then tampered with the lights of different bedrooms until he found the right one. He created a script that, every two hours, would change the bed into a sofa and turn the lights on and off. The script was launched at midnight. We can probably assume Bob did not enjoy his stay.

"I hope he will be more respectful in the future," Supa commented.

This discussion has been archived. No new comments can be posted.

How a Security Researcher Took Over a Hotel's IoT Devices

Comments Filter:
  • by Ostracus ( 1354233 ) on Saturday August 07, 2021 @01:39PM (#61667335) Journal

    "I hope he will be more respectful in the future," Supa commented.

    Lesson:
    Ancient Times: Don't piss off the muscular guy.
    Modern times: Don't piss off the geek.

  • by OzPeter ( 195038 ) on Saturday August 07, 2021 @01:59PM (#61667377)

    And announces to the world that he is a major dick.

    Oh and BTW insecure networks are still insecure. IoT doesn't change this, although it does lower the barrier to entry.

    • WEP, no encryption, "123" password... Possibly every wrong decision that could make this network insecure was made. And the funny thing is that this is your average IoT target audience's behavior, so I expect to hear a lot more fun stories like these as times go on.

    • Who is still carrying around an iPod touch?

    • by phantomfive ( 622387 ) on Saturday August 07, 2021 @02:15PM (#61667405) Journal

      There's a reason the FBI sends officers to watch people at BlackHat.

    • So a guy goes to a conference and announces to the world that he is a major dick.

      How else is he supposed to attract the females soldiers?

    • So a guy goes to a conference and announces to the world that he is a major dick.

      You think this guy is a major dick? Avoid BlackHat conferences because if you go then you're going to have a bad time.

    • And announces to the world that he is a major dick.

      No, he only announced that he is a major dick back.

      Wasn't it Jesus who said "treat thy neighbour" or something like that? Bob clearly wanted to be treated like that, so it would be a dick move not to mess with him.

  • by bobstreo ( 1320787 ) on Saturday August 07, 2021 @02:03PM (#61667383)

    Your IOT network should be separated from you cheesy, non-secured local Internet access.

      If you need to access your IOT network, it should be by authenticated network access.

    • Your IOT network should be separated from you cheesy, non-secured local Internet access.

        If you need to access your IOT network, it should be by authenticated network access.

      Did you setup this network? I mean it was a separate network and it was authenticated if you read TFS. The fact that the authentication had more holes than a colander is not withstanding, but so far it would appear they followed all your advice.

  • ... if he cannot even afford a room in a decent hotel where you don't hear you neighbors telephone calls.
  • Uh huh (Score:2, Troll)

    by fahrbot-bot ( 874524 )

    A neighbor, "Bob," kept waking Supa up by making loud phone calls in the early hours of the morning. While Bob had agreed to keep it down, he did not keep his promise — and the researcher set to work since he needed his sleep, especially during his vacation. ... [and screw with Bob's room]

    Let me get this straight, Bob kept waking him up so, because he needed his sleep, Supa stayed awake hacking the hotel to harass Bob.

    "I hope he will be more respectful in the future," Supa commented.

    It's not your job to teach Bob a lesson. In the future, complain to the management and (a) have them keep Bob in line or (b) ask that you (or Bob) be moved to another room. You might even get a refund, discount or other compensation.

    In the end, you *both* broke the social contract.

    • by sjames ( 1099 )

      Supa stayed awake hacking the hotel to harass Bob.

      Thanks to Bob, not staying awake wasn't an option at that point, so might as well hack...

  • Instead of posturing, they should implement some real security.

  • Although I didn't actually appear to have any actual access, just today, I somehow logged in as a Web Admin while trying to reset my password on a relatively new company's website who just started rolling out their service to my town.

    I shouldn't say who it is, but suffice it to say I saw a little scooter parked in my neighborhood and wanted to take it for a "spin". I was intrigued. I wondered how to use it. Of course I have to download the app.

    I'm skeptical of such things, but I really wanted to try it f

  • Who uses WEP this day and age? I almost want to call BS on this story just because that.

"You'll pay to know what you really think." -- J.R. "Bob" Dobbs

Working...