Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

Hacking into your hotel room is easier than you might think

Add as a preferred source on Google

Old, insecure protocols could be giving unwanted guests access to hotel rooms across the globe, according to research carried out by one enterprising hacker. Spaniard Jesus Molina has been speaking to Wired about several vulnerabilities that he’s discovered and which he plans to present at a Black Hat security conference next month.

Door locking mechanisms remained secure, but Molina was able to easily take control of thermostats, lights, TVs and window blinds across the hotel he stayed at. “I could have changed every channel in every room so everybody could watch soccer with me,” he says, “but I didn’t.”

Recommended Videos

The key to the hack was a ‘digital butler’ app running on an iPad and an ageing communications standard called KNX. It enables guests to control the various pieces of equipment in their rooms, but it can easily be taken over by someone in the next room or sat in the lobby. If the right Trojan Horse virus was installed then the app could be controlled from the other side of the world.

“Guests make assumptions that the channel they are using to control devices in their room is secure,” explains Molina, but that isn’t necessarily the case. “I didn’t have to be in the hotel to do what I did. I could have done it from anywhere. I could use a very big antenna from the next building.”

The hotel that Molina was staying at was the five-star St Regis in Shenzhen, China, but he believes the same systems are installed at many other locations in Asia, Europe and the United States. When the problems were reported to the St Regis, staff immediately took action, although fixing the issue required a wholesale upgrade of the network.

The problem is made more urgent by the fact that KNX is increasingly used in home automation networks as well. “People are reusing protocols that are not meant for the Internet of Things,” says Molina. “Using protocols like KNX for home automation makes no sense for wireless. This guerrilla war we’re playing with the Internet of Things can get dangerous. This is not something I say lightly.”

[Image: Eviled / Shutterstock.com]

David Nield
Former Contributor
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more