Hacking the hotel through the TV

By Joris Evers on 01 August 2005

When Adam Laurie stays at hotels, he says he can hack his way around paying for premium TV channels, the minibar and phone calls.

What's more, by connecting his laptop to certain modern hotel TV systems, Laurie says he can spy on other guests. He can't look into their rooms (yet), but depending on the system he can see what they are watching on their TV, look at their guest folios, change the minibar bill and follow along as they browse the Internet on the hotel TV.

To tease his fellow guests, he can also check them out of their room and set early wake up calls via the TV.

Laurie can do all this because of what he calls the "inverted security model" of the systems. "The TV is controlling which content I get to see. The hotel in most cases is streaming all content without any control," Laurie said in a presentation Saturday at the Defcon event for security professionals and enthusiasts in Las Vegas.

By plugging the hotel TV cable into a USB TV tuner connected to a laptop computer, Laurie can hack his way into the back-end systems controlling the entertainment and other convenience features found in modern hotels, he said in his presentation.

He found that many of those systems give access to information depending on an ID associated with the room's TV. By changing that ID, he said that he was able to access information for other rooms. Many of such hotel systems show guest bills, phone and room service records and offer video check-out.

Laurie found that the hotel TV systems also have special controls for hotel employees. Housekeeping staff can report a room as clean, for example. Additionally, he found that some systems let room service staff input billing for the minibar, which he now controlled.

"Sometimes you can actually control physical devices," Laurie said. In one Holiday Inn hotel he found the system controlled an electronic lock on the minibar.

While staying at a Hilton hotel in Paris, Laurie automated his hack and placed a camera in front of the TV. He snapped pictures of every screen and found out the occupancy rate of the hotel, the names of the guests, what they were paying, where they were calling and how long they had been at the hotel. He showed the pictures at Defcon, but obscured the guest names.

Part of Laurie's hack is simple. He found that premium channels are actually being broadcast all the time, the TV just can't tune into it until the guest pays. If you bring your own TV--the laptop and USB TV tuner will do fine--and connect it, you're set.

It gets harder from there. Changing the ID of the TV requires some skill, finding the room service billing codes does too. The systems use codes entered on the TV remote. So Laurie carries around an infrared device that he connects to his laptop. He wrote a program that sends codes to the TV and in about 30 minutes finds the relevant ones.

And it isn't getting better. "They are starting to do things like allowing you to put credit card numbers in through the TV," Laurie said. Also, he said, some of the makers of these hotel systems are looking at adding Web cams, perhaps to let people chat over the Internet.

Next time you check into a hotel, first make sure Adam Laurie isn't staying there as well.

E-mail this
Print this
Share this...
- del.icio.us
- digg this
- Reddit
- Slashdot
- StumbleUpon

Join CNET Australia Free newsletters, post to forums and win prizes. Join now - it's free and easy!

Related links

Hotel Dusk: Room 215

Hotel Dusk weaves an absorbing noir-style mystery with traditional adventure game elements and stylish presentation and does it all with a deft touch.
The OzSpot #2: E3 2007 impressions

GameSpot AU brings you the second episode of the OzSpot -- direct from a San Francisco hotel room! Listen as Randolph, Dan, and special guest Guy Cocker from GameSpot UK debate and discuss the burning issues, including PS3 price cuts, hands-on impressions from E3 2007, and much more.
Kensington Contour Roller

Designed to carry 17-inch laptops, the sturdy Kensington Contour Roller combines suitcase-like construction with the organisation of a laptop bag.
Creative TravelSound Zen V

Though weak on bass, this speaker dock is a decent little performer that suits frequent flyers well.

User comments
Leave a comment

kingn
23/08/2005 08:28 AM

It seems that there is always an area that needs tighter security. I'm constantly amazed at our curiosity and the drive to find out what is supposed to be hidden from us. It goes back to the "apple" I guess. No not the electronic one, the organic one that got us into "trouble" in the first place.

Report offensive content

adam
26/01/2007 05:18 AM

there was no apple

Report offensive content

denny
12/03/2008 11:26 AM

The apple that got us in trouble? what are you a fundamentalist?!? I guess there were no such things as dinosaurs either, and evolution is just another silly theory. Being ignorant to all science for the sake of one book is pretty silly, but then again scientologists do it too. But i digress.

Report offensive content

denny
12/03/2008 11:27 AM

Report offensive content

carlostudk
11/11/2008 12:03 PM

very nice, lovely way to do such thing. interesting.

Report offensive content

Leave a comment

Latest tv articles
Popular

Western Digital WD TV

Western Digital comes to the media streaming party with a product set to shake.
Digital television to be called "Freeview"

Australia's free-to-air broadcasters have got together to launch the upcoming Freeview digital television brand and guide.
Oi!: Poll: Does product placement work?

After watching the latest Bond film, we're beginning to wonder whether Bond's so angry just because of all the products he's meant to spruik. We wonder whether he's reading this story right now on his Intel-inside PC...
Australia's giant e-waste recycling centre: Photos

The largest e-waste recycling centre in the southern hemisphere was opened this week in Sydney's Villawood amid controversy over the Federal Government's refusal to commit to a mandatory e-waste recycling policy.
Best televisions for gaming

So you've bought yourself a spanky new PlayStation 3, and you're thinking about buying a flatscreen, but what should you choose?
Clear the coffee table: Five universal remotes reviewed

If trying to juggle multiple remote controls is driving you crazy, check out our round-up of high-end universal remotes. Clear the clutter and control everything from one device.
Oi!: When will analog TV be turned off in my area?

Want to know how long you have until you need a digital set-top box? We go through each of the coverage areas and there's some surprises.
Televisions go greener, thinner, and wireless at Ceatec

The gadgets showcased during the Japanese Ceatec 2008 electronics exhibition are greener, thinner, and wireless.
OLED, 3D displaying the future

Ceatec exhibitors show off prototype displays for our mobile devices and televisions, including a display measuring just 0.3 millimetre thick.

The Explain Series

Whereis^® Explains the importance of the map inside your GPS device

Viewsonic Explains LCD TV and Projector Connectivity

Latest reviews
Popular
Editors' choice

Western Digital WD TV

Western Digital comes to the media streaming party with a product set to shake.
Conceptronic Grab 'n' Go Multimedia Player

The Grab 'n' Go Multimedia Player makes a decent play at the budget-end of the playback market — but its limitations are obvious.
Logitech Harmony One

If you're looking for a sturdy, workhorse remote and don't want to pay through the nose then the Logitech Harmony One is an excellent choice.
Beo5

Bang & Olufsen puts its unique design mark on a universal remote and (for a fee) does all the programming for you.
Netgear EVA8000 Digital Entertainer HD

Netgear's EVA8000 is a streaming media player designed to plug into your high-definition television, allowing you to enjoy your videos and listen to music stored on your network from the comfort of your lounge.

More reviews »

Western Digital WD TV

Western Digital comes to the media streaming party with a product set to shake.
What is HDMI?

Tired of all those messy home theatre cables ruining your living room's feng shui? Wondering why analog cables are still connecting your all-digital gear? There is a solution — HDMI.
Apple TV

A lack of playable formats and limited functionality really stunts the appeal of the otherwise elegant Apple TV. Read our Australian review.
Logitech Harmony 1000i

The swanky Logitech Harmony 1000i can be programmed by the average consumer, which saves the cost of hiring a home installer to do it.
Logitech Harmony 520

At less than AU$200, the sleekly designed Logitech Harmony 520 is a relative bargain among PC-programmable remotes.

More popular reviews »

Western Digital WD TV

Western Digital comes to the media streaming party with a product set to shake.
Logitech Harmony One

If you're looking for a sturdy, workhorse remote and don't want to pay through the nose then the Logitech Harmony One is an excellent choice.
Lindy 3 Port HDMI Switch with Remote

The Lindy 3 Port HDMI Switch with Remote is an inexpensive and recommended upgrade for anyone looking to add extra sources to their home theatre.
Logitech Harmony 785

This sleek universal remote has great functionality and a PC application that makes it easy to customise your settings.

More editors' choice »

Membership benefits

Create wishlists

See a product on CNET Australia that you want? Add it to your wishlist and send a hint to your friends and family. Sign up for a free CNET Australia membership now!

Optus Mobile - Nokia E71, $0 upfront on $49 Cap over 24 months - online only.

Mobile Phone Deals - Get the latest Handsets for FREE

New on Optus Pre-Paid - The latest must-have handsets now on Optus Pre-Paid

Hacking the hotel through the TV

Hotel Dusk: Room 215

The OzSpot #2: E3 2007 impressions

Kensington Contour Roller

Creative TravelSound Zen V

What do you think

Latest tv articles

Popular

Product finder

The Explain Series

Latest reviews

Popular

Editors' choice

Membership benefits

News & reviews

Latest forum posts

Subscribe to CNET Australia

Services

Hacking the hotel through the TV

What do you think

document.write('<a href="javascript:void(0)">') <a href="#tab-news-latest-content"> Latest tv articles

document.write('<a href="javascript:void(0)">') <a href="#tab-news-popular-content"> Popular

Product finder

The Explain Series

document.write('<a href="javascript:void(0)">') <a href="#tab-reviews-latest-content"> Latest reviews

document.write('<a href="javascript:void(0)">') <a href="#tab-reviews-popular-content"> Popular

document.write('<a href="javascript:void(0)">') <a href="#tab-reviews-edc-content"> Editors' choice

What's hot on CNET Australia

Services

Latest tv articles

Popular

Latest reviews

Popular

Editors' choice