Sunday, July 31, 2005
Using infrared to hack a hotel
Hotel TV systems are the most serious target from a privacy standpoint because they are connected to databases that contain information about guests.
Laurie said the vulnerability lies with how hotels have implemented the backend of infrared systems, placing control of the system at the user end, where the TV is located, rather than at the server end with administrators.
Laurie found that the backend systems in many hotels around the world don't have password protection or other authentication schemes to prevent unauthorized users from gaining access to them through the TV. And they fail to use encryption to protect data as it's transferred and stored.
The only hardware an intruder needs is a laptop running Linux, an infrared transmitter and a USB TV tuner. Laurie said the attack can also be performed using the infrared port built into many laptops.
Copyright Anand Jain 2004, 2005. All rights