Kya Supa, security consultant at LEXFO, inadvertently found a series of security bugs in IoT devices within connected hotel rooms. These vulnerabilities allowed him to take control of the amenities in multiple capsule hotel rooms (tiny rooms stacked side-by-side). Supa presented his findings on Wednesday at the Black Hat Conference 2021.
The rooms are controlled using an iPod touch, which visitors receive at check-in, allowing them to control lights, change position of their beds and control the ventilation fans. Supa found six different exploits, with which he could bypass any security protections and take control of any of the small rooms.