Have you ever had the urge to create mayhem at a hotel? Force every hotel guest to watch your favorite TV show with you? Or wake your neighbors up (all 290 of them!) with blaring music and with their blinds up at 3 AM?
For those with the urge, I have the perfect place for you. The St. Regis ShenZhen, a gorgeous luxury hotel occupying the top 28 floors of a 100 story skyscraper, offers guests a unique feature: a room remote control in the form of an iPad2. The iPad2 controls the lighting, temperature, music, do not disturb light, TV, even the blinds and other miscellaneous room actions. However, the deployment of the home automation protocol contained several fatal flaws that allow an arbitrary attacker to control virtually every appliance in the hotel remotely. I discovered these flaws and as a result, I was able to create the ultimate remote control: Switch TV off 1280,1281,1283 will switch off the TV in these three room. The attacker does not even need to be at the hotel - he could be in another country.
This talk provides a detailed discussion of the anatomy of the attack: an explanation of reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints on how to create an iPad Trojan to send commands outside the hotel; and, of course, solutions to avoid all these pitfall in future deployments. Attendees will gain valuable field lessons on how to improve wide scale home automation architectures and discussion topics will include the dangers of utilizing legacy but widely used automation protocols, the utilization of insecure wireless connection, and the use of insecure and unlocked commodity hardware that could easily be modified by an attacker.
The attack has important implications for large scale home automation applications, as several hotels around the world are beginning to offer this room amenity. The severity of these types of security flaws cannot be understated - from creating a chaotic atmosphere to raising room temperatures at night with fatal consequences - hoteliers need to understand the risks and liabilities they are exposed to by faulty security deployments.