Monday, August 15, 2005

Infrared hacking ~ too easy for some!

The almighty hacker. Hotels are not immune to them. Many hotels’ television infrared systems have made it easy for hackers to go into their billing system and guest list. Uh oh! One reason why you should definitely check your bill when checking out.
It gives them access to add and delete charges on a guest’s bill. It even allows them to watch pornographic films or other premium channels on their hotel tvs without paying for it. Hmmm…I see what some of you are thinking right now… “hey that could be my excuse the next time porn pops up on my hotel bill. I swear I didn’t…must have been a hacker”!
Adam Laurie, technical director of the London security and networking firm The Bunker showed how such attacks are conducted at hotels around the world. He also revealed how certain programming techniques are used to decipher the code to open garage doors and car doors that use infrared. Infrared uses very simple code, as most people think of it as being used for minor things like garage doors and tv remotes. Infrared is used in many different things like hotel minibars, vending machines, scrolling LED public display signs, robotic toys and more. The most serious target from a privacy standpoint has become the hotel tv system because it connects to databases with private information about the guests. The hotels that have implemented “backend infrared systems”, where the control lies with the user (where the tv is) instead of the server end (administrator) are those systems most vulnerable. A lot of time these systems have no password or encryption to protect data. A laptop using Linux, infrared transmitter and USB tv tuner is all that an intruder needs according to Adam Laurie. If you connect these things properly….wahlah! You have access to the content through the hotel tv. He explains it as "It's the same as tuning your TV to multiple channels, (When you're looking at one channel) the signal (for other channels) is always there, but you're only currently looking at one part of the spectrum." You don't see what's broadcasting on the other channels until you tune into them. “Laurie first discovered the vulnerability when he was ‘mucking about with hotel TVs to get the porn channel without paying for it.’ He was able to bypass TV billing menus by using his laptop to tune in to the premium content being broadcast from backend systems. He didn't have to pay for the content, because the systems didn't know he was watching it.” Wow! He also said that in some hotels the front desk has the control to lock and unlock the minibar remotely, or the maids can do it with a remote and an infrared receiver on the front of the bar. He said that he accidentally locked the minibar at one of his hotel stays when he was looking for the commands that controlled it.
This guy is paid to hack! It is really quite amazing to see what people can do given the situation. When you see the guys that get arrested for hacking into systems, either collecting information or dumping it (via virus) it makes you wonder what their motive is. I guess some of them are trying to keep people on their toes, some do it just to see if they can (self satisfaction), and others are just malicious. Is there ever a way to keep it hack-free?

17 comments:

ticharu said...

Human nature, there will always be an element who see a lock as nothing more than an invitation. Can't change human nature. It's a game between the lock makers and the lock breakers.

Fred said...

Imagine if they put their skills to good use.

Lee Ann said...

ticharu - I think you are right. Then it comes down to integrity, honesty, morality....oh I think those are values that so many have forgotten or never knew.

fred - No kidding!

ticharu said...

Hard to define what that would be though isn't it? Are they not doing what is natural?

Gyrobo said...

I blame society.

Lee Ann said...

ticharu - yes, unfortunately you are right! I guess just not in my nature when it comes down to hurting others. Definitely good point you have.

Lee Ann said...

gyrobo - I think that you have a point. Society most definitely plays a part. I think a big part of it is "the parents". Too many parents these days just want to be friends with their kids. They need parents first.

Edge said...

You can get one of these certifications this guy has. I want one because I want to do something similar. It's called a Certified Ethical Hacker certification. You get it and you get watched by Uncle Sam the rest of your life. Not a bad trade off though as this is a hot skill to have. Class costs about $2500 and can be found in most major cities. you do have to have a corporate sponsor to take the class though. Cool though, isn't it?

~Jef

Lee Ann said...

Jef ~ I think it would be cool! Like I said it is amazing what people can do given a situation. Funny how if you are doing it on the right side of the law it is a good thing, same thing on the wrong side is bad!

The Zombie Lama said...

Funny how if you are doing it on the right side of the law it is a good thing, same thing on the wrong side is bad!


Ooh, good point!

Ilaiy said...

Lee Ann

I try to break into the systems which I have setup at home . It is fun and it is amazing intresting ..I do it to learn how to protect our network and learn what needs to be done when something of that kind happens ..

./thanks
ilaiy

The Husband said...

that is very scary. i saw a special on HBO about the porn industry...and they said they have seen the biggest growth coming from the hotel movies they broadcast. what was really fun was the actual amount of time someone will watch the movie...it was 3 minutes.

Lee Ann said...

Zombie - well, it is true in this case, isn't it! :)

ilaiy - Wow! Good learning tool, huh?

carl - that is funny, why only 3 minutes? *blushing*

mojoala said...

Hacking!

When it comes to internet security, 99% of americans are not in the know.

On occasion I drive down a street to see how many people have a wireless network that is unprotected. My laptop has a wireless network card. It is sitting in my car. I will stop in front of each house and see if my laptop can hook up with a network. I can hook into a lot. Most don't have their wireless connection encrypted.
This akin to the same as to being near a coffee shop that has wifi so you can surf the net while sipping some cappuccino.

Back to the house issue.
If I put my mind to it, I could hack into each computer on that wireless network with little ease.

This should scare you!
If I was a criminal, I could easily hijack your identity.

A cheapo who does not want to pay for the high price of high speed internet could easily access the wireless network of his nextdoor neighbor.

Now the question is, how many of you commenters that have a wireless network have your network encrpyted?

Wireless hacking is new school, Old school hacking is using a very expensive device that reads the radiation emitions from your CRT monitor to duplicate your screen onto the hackers screen.

Yes CRT monitors emit radiation just a regular TV. Don't you remember your mom telling you "not to sit to close to the TV, you could ruin your eyes"?

Well she was very right. For that reason and the reason of that device, I don't own or use CRT monitors, I use Flat Panel monitors. You should too, otherwise, you should be wearing some type of glasses while staring into your monitor...

Have a good day lee ann.

Lee Ann said...

mojoala - That is scary. I have wireless, and it is protected. I am lucky to say that my boyfriend is in IT and takes care of that for me. Very good comments. Thanks

Goan Pao said...

gawd why didnt anyone tell me of this earlier..break open the code of the minibar..that got me really attentive..
well it is sad that most of the time hackers succeed not because they are trying to break a lock but because you havent used a good lock.
If you leave your door open it does not make sense to blame the robber.
The wireless thing is so true..when I travel I always seem to find an unprotected network...

Lee Ann said...

goan pao - haha, you are funny about the minibar:)