Hacker News new | past | comments | ask | show | jobs | submit login

Eh, the sound system on the elevator being hooked up to the guest and entertainment network isn't really a sin in my eyes.



As long as it's segregated that way. Someone was able to gain access to their Dr's office's network by accessing the wifi-enabled fish tank thermometer.

I forget if the details of how exactly they accessed it, but it was an example of an Internet of Things device making a security hole in a network.


It wasn't a doctor's office, it was a casino:

https://www.washingtonpost.com/news/innovations/wp/2017/07/2...


"Someone was able to gain access to their Dr's office's network by accessing the wifi-enabled fish tank thermometer"

I think you're mistaken/misremembering. It was a casino.

https://www.entrepreneur.com/business-news/a-casino-gets-hac...


Until someone on the guest network starts broadcasting audio into the elevators


That's more of an annoyance than a safety issue though. This is definitely one of those YAGNI things where it's not worth worrying about until it becomes a recurring issue, which is highly unlikely.


Personally, even the remotest possibility of someone broadcasting "evacuate your rooms, there is a fire/active shooter in the building" seems worth spending a few hours protecting against.


....why? No, honestly, why? Would you protect against someone running down the corridor shouting the same thing?


It's a lot more official if it's coming from the elevator speakers. It's also a lot harder to track down who did it.


> Would you protect against someone running down the corridor shouting the same thing?

...yes?

Do you think hotels aren't protected, to some extent, against any random person putting on a blazer and announcing an emergency?


>>Do you think hotels aren't protected, to some extent

How are they protected against that, exactly? You can literally walk up to any fire emergency button on any wall on any floor, press a button and evacuate the entire hotel, why bother with this UDP streaming nonsense?


> How are they protected against that, exactly? You can literally walk up to any fire emergency button on any wall

Cameras near fire alarms and it's a crime in the U.S. to give a false alarm.


Right, that protects the hotel from liability, but it does nothing to protect the hotel from such false alarm happening in the first place.


The threat to the perpetrator -- of 90 days prison time and a permanent criminal record of being a mischief-maker -- prevents people from pulling the alarm.

Same way sheepdogs herd sheep.


Sure, and to circle all the way back to the original point several posts up - why is this a deterrent to someone pulling a fire alarm but not for someone sending a fake UDP broadcast? The penalty will be exactly the same.


Harder to track down the person. Unless the hotel is logging every packet on its network and paying to archive the TBs of encrypted video streaming data that goes through every day. And it's a purely local network, so not like the NSA can help out.

Edit:

"Unauthorized" computer access is a serious federal crime under the CFAA, and that you did it as a joke is not a legal defense. Famous examples:

(1) https://en.m.wikipedia.org/wiki/Aaron_Swartz

(2) the Florida man who social engineered Twitter (https://en.m.wikipedia.org/wiki/Graham_Ivan_Clark)

(3) the Mirai botnet guys (https://en.m.wikipedia.org/wiki/Mirai_(malware)), etc.

So the penalty will actually be much worse if you get caught.


If a hotel could spend a few hours and definitively prevent misuse of the fire emergency button, they would do that.


It'd be far more trivial to put a wireless speaker in an elevator than it would be to reverse engineer this.


Hotels are reasonably protected to such an attack. There are almost always cameras in the elevator, and the electronics are typically, to some extent, tamper-resistant.


It's not hard to subtly stick a small flat wireless speaker to the wall, and by the time they notice it the attack is already complete.


1. It's easier to connect to the wifi from across the street, without setting foot on the premises or showing your face on camera.

2. I'm not claiming that all attacks will be mitigated, but that this is an easy win from a cost:benefit analysis.


The difficulty isn't in connecting to their wifi, but rather reverse engineering this bizarre backdoor just to project your voice in the elevator.


This feels like one of those hypothetical attack vectors that has probably never happened.

Although I could be wrong!


There are certainly people out there who are motivated to trigger false alarms in hotels: https://profootballtalk.nbcsports.com/2017/01/22/police-appr...


To what end?


Chaos!


Rain will go up, cats will chase dogs, and the elevators will play acid jazz instead of smooth jazz.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: