Security vulnerabilities in an iPad-operated digital “butler” application at the Shenzhen St Regis Hotel easily allow hackers to control the thermostat, lights, blinds, and TV in any of the rooms.
Wired published a report detailing the findings of Jesus Molina, who stayed at the St Regis Shenzhen last year and was able to discover and exploit the service’s security vulnerabilities. Molina found that the iPads provided to every room used an old communication protocol called KNX, which was running unencrypted. Molina stayed for two days and switched to four different rooms in order to investigate further.
“I could have changed every channel in every room so everybody could watch soccer with me, but I didn’t,” he said. However, Molina was able to make the “Do Not Disturb” lights outside the rooms on his floor blink like a heartbeat.
Molina will be sharing his findings at the Black Hat security conference in August. He also shared his discovery with the hotel’s chief of security, who acknowledged the problem and said they are working to solve it.