cover of episode Jesus Molina - Learn how to control every room at a luxury hotel remotely - the dangers of insecure home automation deployment

Jesus Molina - Learn how to control every room at a luxury hotel remotely - the dangers of insecure home automation deployment

2014/12/13
logo of podcast DEF CON 22 [Materials] Speeches from the Hacker Convention.

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Frequently requested episodes will be transcribed first

Shownotes Transcript

Slides Here: http://defcon.org/images/defcon-22/dc-22-presentations/Molina/DEFCON-22-Jesus-Molina-Learn-how-to-control-every-room.pdf

White paper Here: http://defcon.org/images/defcon-22/dc-22-presentations/Molina/DEFCON-22-Jesus-Molina-Learn-how-to-control-every-room-WP.pdf

Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment Jesus Molina Security Consultant

Have you ever had the urge to create mayhem at a hotel? Force every hotel guest to watch your favorite TV show with you? Or wake your neighbors up (all 290 of them!) with blaring music and with their blinds up at 3 AM?

For those with the urge, I have the perfect place for you. The St. Regis ShenZhen, a gorgeous luxury hotel occupying the top 28 floors of a 100 story skyscraper, offers guests a unique feature: a room remote control in the form of an IPAD2. The IPAD2 controls the lighting, temperature, music, do not disturb light, TV, even the blinds and other miscellaneous room actions. However, the deployment of the home automation protocol contained several fatal flaws that allow an arbitrary attacker to control virtually every appliance in the hotel remotely. I discovered these flaws and as a result, I was able to create the ultimate remote control: Switch TV off 1280,1281,1283 will switch off the TV in these three room. The attacker does not even need to be at the hotel – he could be in another country.

This talk provides a detailed discussion of the anatomy of the attack: an explanation of reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints on how to create an Ipad Trojan to send commands outside the hotel; and, of course, solutions to avoid all these pitfall in future deployments. Attendees will gain valuable field lessons on how to improve wide scale home automation architectures and discussion topics will include the dangers of utilizing legacy but widely used automation protocols, the utilization of insecure wireless connection, and the use of insecure and unlocked commodity hardware that could easily be modified by an attacker.

The attack has important implications for large scale home automation applications, as several hotels around the world are beginning to offer this room amenity. The severity of these types of security flaws cannot be understated – from creating a chaotic atmosphere to raising room temperatures at night with fatal consequences – hoteliers need to understand the risks and liabilities they are exposed to by faulty security deployments.

Jesus Molina is an independent security consultant. As a former security researcher at Fujitsu Laboratories of America he created several prototypes and corresponding patents on ground breaking research, including self-erasable memories and mobile trusted virtual machins. He has acted as a chair at the Trusted Computing Group, a NSF grant reviewer, and guest editor at IEEE Security & Privacy. He has worked in offensive security research demonstrating flaws in SmartMeters. Mr. Molina holds a Ms. and a PhD. from the University of Maryland.

Twitter: @verifythentrust