Watch a hacker hack into the lights, fans and beds of a capsule hotel

Kyasupā wondered if he could hack his hotel’s iPod Touch controls after they handed it to him at check-in, but he didn’t want to waste his vacation reverse-engineering the system. He says he changed his mind after a noisy neighbor kept him awake for several nights. “I thought it would be nice if I could take control of his room and give him a good night’s sleep,” he wrote. “That’s how I decided to start analyzing how everything worked.”

The iPods provided by the hotel as remote controls were locked with the iOS “Guided Access” setting, which prevents users from exiting the Nasnos remote control application. But Kyasupā found that he could just let the iPod’s battery drain and restart it to gain full access – a hard restart is a known workaround for Guided Access – and the iPod didn’t have a PIN code set for its lock screen. He then saw that the iPod connected via Wi-Fi to a Nasnos router – each room seemed to have its own – which in turn connected via radio to other digital devices in the room like its lights, fan, and folding sofa.

To intercept the app commands from the iPod to the Nasnos router, Kyasupā knew he would have to find the password to access that router. But remarkably, he found that Nasnos routers used WEP encryption by default, a form of Wi-Fi security known for decades to be easily cracked. “Seeing that WEP is still in use in 2019, it’s crazy,” he wrote. Using the AircrackNG program, he brute-forced the router’s password and connected to it from his laptop. He was then able to use his Android phone as a Wi-Fi hotspot, connect the iPod to that hotspot, and route it through his laptop. Finally, he connected the laptop to the Nasnos router via Wi-Fi and used this setup as an intermediary to listen to all communication from the iPod to the router.

Kyasupā then tried all the functions of the app, like turning the lights on and off, converting the sofa to a bed, etc., while recording the data packets sent for each one. Since the Nasnos app did not use any real authentication or encryption in its communications with the router other than WEP Wi-Fi encryption, he could then connect to the room’s router with his laptop instead and replay those commands to trigger the same changes.

Kyasupā still had to figure out how to connect to the routers in the other rooms. But at this point, he says, he left the hotel to visit another city, returned a few days later and was assigned another room at the hotel. When he cracked the router password for that room as well, he discovered that it differed from the first one in only four characters. This lack of true randomization of passwords allowed him to easily brute-force the passwords for all the other rooms in the capsule hotel.

One afternoon, when the hotel was relatively empty, Kyasupā says, he walked over to his noisy ex-neighbor’s room – the loud-talking offender was still staying at the hotel, the hacker claims – and says he found the username and password for that room’s router by standing outside and testing the lights to verify he had the correct target. That night, as he relates, he set his laptop to run his script. He says he doesn’t know how his target reacted; Kyasupā slept through the night and did not see the neighbor again before he apparently left. “I’m sure he had a wonderful night,” Kyasupā writes. “Personally, I slept like a baby.”

After his trip, Kyasupā says he emailed the hotel alerting them to their vulnerabilities and also shared his findings with Nasnos, which did not respond. He says the hotel fixed the issues he told them about, switching their Nasnos routers to WPA encryption to make it much harder to crack their passwords. He warns that anyone who uses Nasnos home automation systems should also verify that they are not using WEP, and in the case of multiple routers in the same building such as a hotel, give each a random password that cannot be derived from the others or easily brute-forced.
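
The two checks recommended above, as an added example (not code from Kyasupā, Nasnos or the hotel): an audit over a constructed router inventory that flags WEP and any key that differs from another room's key in only a few characters, plus generation of independent random replacement passphrases. The inventory, its field names, and the 4-character and 16-character thresholds are assumptions for illustration.

```python
import itertools
import secrets
import string

# Constructed inventory for illustration; rooms and keys are made up.
INVENTORY = [
    {"room": "101", "security": "WEP",  "key": "HTL0A1B2C3D4E"},
    {"room": "102", "security": "WEP",  "key": "HTL0A1B2F7K9E"},
    {"room": "103", "security": "WPA2", "key": "HTL0A1B2Q8Z1E"},
    {"room": "104", "security": "WPA2", "key": "t4Vq9mXw2LrB7cYk8NhD"},
]
ALPHABET = string.ascii_letters + string.digits


def differing_positions(a, b):
    """Count positions where two keys differ; a length mismatch counts as differing."""
    return sum(x != y for x, y in itertools.zip_longest(a, b))


def audit(inventory, max_related_diff=4, min_len=16):
    """Return {room: [findings]} for WEP, short keys and near-identical keys (assumed thresholds)."""
    findings = {ap["room"]: [] for ap in inventory}
    for ap in inventory:
        if ap["security"].upper() == "WEP":
            findings[ap["room"]].append("uses WEP")
        if len(ap["key"]) < min_len:
            findings[ap["room"]].append("key shorter than %d chars" % min_len)
    for a, b in itertools.combinations(inventory, 2):
        d = differing_positions(a["key"], b["key"])
        if d <= max_related_diff:  # knowing one room's key nearly reveals the other's
            findings[a["room"]].append("key differs from room %s in %d chars" % (b["room"], d))
            findings[b["room"]].append("key differs from room %s in %d chars" % (a["room"], d))
    return {room: f for room, f in findings.items() if f}


def new_passphrase(length=20):
    """Independent random passphrase from the OS CSPRNG, generated separately per router."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for room, issues in audit(INVENTORY).items():
        print(room, issues, "-> replace with", new_passphrase())
```

Room 103 shows why switching the encryption mode alone is not enough: it is on WPA2 but still carries a key built on the same pattern as its neighbors.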

For the noisy guest at the capsule hotel he says he tested his hacking techniques on, Kyasupā offers a different moral to the story. “I hope he will be more respectful to his neighbors in the future,” he said, “and that he isn’t too afraid of ghosts.”
