Shenzhen is the Silicon Valley of mainland China. Situated about 50 minutes north of Hong Kong, the modern city is home to the Shenzhen Stock Exchange and numerous high-tech giants and startups. So naturally, the city’s five-star hotels regularly host wealthy moguls in their luxury rooms. Last year, one of those hotels also hosted a hacker from Spain who discovered that he could seize control of the wealthy guests’ highly-automated rooms.
Jesus Molina, who was staying at the St. Regis Shenzhen hotel, found that he could easily take control of the thermostats, lights, TVs, and window blinds in all of the hotel’s 250-plus rooms, as well as alter the electronic “Do Not Disturb” lights outside each door—all from the comfort of his luxurious bed.
He’ll be presenting his findings at the Black Hat security conference in August.
St. Regis supplies every guest with an iPad and digital “butler” application to control the features in their room. Molina, a native Spaniard who works as an independent security consultant in the U.S., found that the system uses an insecure protocol and configuration. It allows anyone to sniff commands as they cross the wireless network and replay them at will—to any connected device in the hotel.