Tech News

See the Lights, Fans and Beds of a Capsule Hotel Kidnapped by a Hacker

[ad_1]

Kyasupa asked him if he could break the iPod Touch controls on the hotel after check-in, but he didn’t want to waste holiday time changing the system. A noisy neighbor says he changed his mind after being held for several nights. “I thought it would be nice to take control of her room and have a lovely night.” “So I decided to start looking at how everything works.”

IPods issued by the hotel as a remote control were locked with iOS’s “guided access” setting, preventing users from exiting the Nasnos remote control app. Kyasupa found that simply emptying and restarting the iPod’s battery to get full access — a hard reboot is a popular solution for guided access — and the iPod had no PIN lock for the screen. He then saw that the iPod was connecting to a Nasnos router via Wi-Fi — each room had its own — connecting to other digital devices in the room via radio, such as lights, a fan, and a folding sofa.

In order for the app to intercept commands from the iPod to the Nasnos router, Kyasupa knew it would have to find a password to access that router. But remarkably, Nasnos found that routers used WEP encryption by default, a form of Wi-Fi security that has been easily cracked for decades. “Seeing that WEP is still in use in 2019, it’s crazy,” he wrote. Using the AircrackNG program, the router password was forced and connected from this laptop. He was then able to use his Android phone as a Wi-Fi hotspot, connect his iPod to that hotspot, and route it across his laptop. Eventually, he connected the laptop to the Nasnos router via Wi-Fi and used that setup in the middle of the man to listen to all the communications the iPod had with the router.

Kyasupā then tested all the functions of the application — turning the lights on and off, turning the sofa into a bed, etc. — while each one recorded the data packets sent. Since the Nasnos application did not use real authentication or encryption in communications with the router, in addition to encrypting WEP Wi-Fi, it was able to connect to the room router with its laptop and play the same commands to effect the same changes.

Kyasup was still tasked with figuring out how to connect with other room routers. But at this point, he says, he left the hotel to visit another city, returned a few days later and was given another hotel room. When he also broke the router password in that room, he found that it was only four characters longer than the first. The lack of real randomness in the passwords allowed him to harden all the passwords in other rooms of the capsule hotel in a hard way.

One afternoon when the hotel was relatively empty, Kyasupa said he went to the room of his noisy old neighbor — a high-profile offender was still in the hotel, the hacker says — and found the room’s ID and password for that room. and he tested the lights to make sure he had the right target. That night, as I said, he set up a laptop to launch the script. He says he doesn’t know how his goal reacted; Kyasupa slept through the night and did not see the neighbor again apparently before checking out. “I’m sure he had a wonderful night,” Kyasupa wrote. “Personally, I slept like a baby.”

After his trip, Kyasupa says he sent an email to the hotel to warn them of their vulnerability and shared his findings with Nasnos, who did not respond. He said the hotel addressed the issues, changing its Nasnos routers to WPA encryption, making it very difficult for passwords. He warned that anyone who uses Nasnos ’home automation system should also check to make sure they don’t use WEP, and in cases where there are multiple routers in the same building as a hotel, give them random passwords that can be derived from each one. from each other or easily crushed-forced.

He says he tried out his hacking techniques for the loud guest at the capsule hotel, Kyasupa offers a different moral to the story. “I hope he’ll have more respect for his neighbors in the future,” he says, “and he’s not too scared of ghosts.”


More great KABEKO stories

[ad_2]

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button