During a session at the upcoming Black Hat security conference that starts Aug. 5 in Las Vegas, independent security consultant Jesus Molina is set to expose the risks of hotel automation systems. In a Black Hat preview webcast July 18, Molina provided a few details on his talk “Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment.”
Molina’s hacking adventure began with a visit to the St. Regis Shen Zhen hotel in China. He stressed that he was only a guest and didn’t go there with the intention of conducting a full security penetration audit.
In most rooms at that hotel, there is an Apple iPad that hotel guests can use to control various functions in the room, including lights and blinds. Molina said he was curious how the iPad was controlling all of the room functions so he began to investigate. It turns out the network used for the room automation technology was the same network used for guest Internet access.
Digging deeper, Molina discovered that the protocol used to control the various room attributes is the KNX/IP home automation protocol. He also discovered that the network and its protocol configuration were not secure.
Every room has a different IP address with a KNX/IP router, and Molina was able to gain control of all room attributes, including TV and temperature control, in nearly any room in the hotel that he wanted.
In his formal Black Hat session in August, Molina plans to go into depth about large-scale automation protocols and their inherent risks.
“The problem is that most [protocols] are old or closed,” Molina said.
KNX is an old protocol that was invented in the 1990s, and it’s closed, Molina said. As such, it’s difficult for a security researcher to get information about the protocol, he said.
He is concerned about what home automation protocol use means for security in the Internet of things era. With an increasing number of devices connected to the Internet, the use of insecure or improperly configured devices and protocols becomes a greater risk.
Insecurity at hotel locations overall is not a new topic for the Black Hat conference. Back in 2012, security researcher Cody Brocious detailed an open-source system he built that could hack into hotel key-card systems.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.