Hacking a capsule hotel

At this year’s Black Hat, Kyasupā demoed hacking a capsule hotel.

Whenever I am at Moscow’s Sheremetyevo airport, I always check out the capsule hotel and debate whether to take a rest in one of those mini pods. To date, I haven’t pulled the trigger, but when I saw a presentation at this year’s Black Hat called Hacking a Capsule Hotel — Ghosts in the Bedroom, I had to check it out.

The speaker, Kyasupā of LEXFO, described how he was looking to save money on a holiday by staying in a capsule hotel. For anyone unfamiliar, capsule hotel rooms are typically small spaces with a bed, a fan, and a curtain to block out fellow guests. Other facilities such as dining areas, bathrooms, and the like are shared. In other words, showing basic respect for one another is really important in a capsule hotel.

Unfortunately for Kyasupā, his capsule hotel neighbor had a loud, 2 a.m. phone call, and despite assurances he’d pipe down, did the same thing the next night. And unlike many who would try to figure out a way to keep the peace, Kyasupā decided to get revenge. He’d been wondering if he could hack into his hotel’s iPod-controlled devices anyway; the loud neighbor just pushed him over the edge.

Tinkering around with his laptop, wireless cards, and an Android device, Kyasupā found a way in through a half-dozen vulnerabilities in Nasnos routers.

As you can see in the video, our hacker had gained the ability to control any room he wanted. Now, for his story, he just had to find the right neighbor.

UPDATE: The video has been removed from YouTube; however, you can see the full presentation here.

On a slow afternoon when the hotel was empty, Kyasupā was able to identify his tormentor’s room. From there, he used a script that not only turned the room’s lights on and off, but also folded the bed into a couch every two hours starting at midnight.

In a more responsible move, Kyasupā did of course inform the hotel about its security issues, and he also contacted the router manufacturer. The hotel has already changed its security protocols, but the vendor has not yet responded.

What else can I say? Never underestimate a wronged hacker.