August 05, 2005

Hotel Systems Hackable Through Room TV's

Just when you thought others hacking into your hotel room's Wi-Fi access was annoying, here's one to up the ante: "Hacking the hotel through the TV".

Basically, a knowledgeable person can hook up a laptop with a USB TV tuner and hack into hotel systems that expose other guest information.

Speaking about Adam Laurie, who presented this at the recent DefCon event, the article states: "He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel television set. To tease his fellow guests, he can also check them out of their room and set early wake-up calls via the TV."

If that wasn't bad enough: "And the situation isn't getting better. 'They are starting to do things like allowing you to put credit card numbers in through the TV,' Laurie said. Also, he said, some of the makers of these hotel systems are looking at adding Webcams, perhaps to let people chat over the Internet." Now doesn't this sound just like, oh, I don't know, Big Brother watching people via television in "1984"? Life imitates art.

He can do all this because of the "inverted security model" of these types of systems. Per Laurie, "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control." Talk about a dumb terminal. So he substitutes his own laptop-based TV as the control mechanism to hack the content. He also uses a special infrared remote to hack the remotes codes used to communicate via the TV. (He obviously has waaaay too much time on his hands, but what's a hacker to do when he's bored and stuck in a hotel room?)

So on your next stay, cover up or unplug any courtesy webcams (and their microphones if they have them), don't enter any sensitive data into the TV, and be aware of all your activities through your room's TV. Don't feel strange about doing so -- you're not being paranoid if others are actually accessing this data. For similar reasons, I haven't used public or kiosk PCs in ages due to keyloggers and other spyware.

Hey, after all these years, there's finally something good on cable TV -- your personal information. As Dana Carvey would say, "Now isn't that special?"

Topic(s):   Privacy & Security
Posted by Jeff Beard