If you think about a hotel room today, it has lots of connectivity – from smart TVs, to mini-bar sensors, to guest Wifis. What opportunities does that present to a motivated attacker?
In this video, Nate Drier, Secureworks Technical Lead for Penetration Testing, describes an engagement in which he was able to access a hotel’s internal network from one of their hotel suites. By challenging their assumptions about strong network security and leveraging the expertise of penetration testers using an adversarial, hands-on approach, this proactive client was able to improve their defenses.
Listen to the full webcast
to learn more about the most common attack vectors and how to defend against them.
So we have a hotel client and they were interested in determining if an attacker checked into one of their guest rooms, what they could do. They spent a lot of time and money like every company, protecting their internal, sensitive systems, things that store sensitive data, process credit cards, things like that and they were really interested if they had a hacker check in to one of their guest rooms, does that give them any more access than anybody else, right? Could they leverage something in a guest room to attack their internal network? And you think about a hotel room, it's got lots of connectivity. It's got a Smart TV that hooks to the internet, it's got a minibar. They need to know when you took your snack out of the minibar, it'll automatically charge you. AV hubs, there's guest WiFi, there's lots of connectivity within your room so I think specifically we were looking at the TV, had a ethernet jack plugged into it to give it its internet access to be able to stream content and media to the TV.
We unplugged that ethernet jack, plugged it into our laptop, scanned that network and we found something that looked kinda fishy. It was a system that didn't look like it belonged on a guest TV network, right? So, we started poking at that, analyzing that. Of course we found a vulnerability in it, hadn't been patched in a while, we were able to compromise that system. Once we were on it, we discovered there was another network interface. There was one for our half of the guest network and another network interface for what turned out to be their corporate network where they have all the guest registration systems, the check-in desk, point of sale systems for when they're swiping and running credit cards. So of course, we were able to use that as a pivot point, compromise that system, jump into the next network and compromise pretty much everything there. Make off with the guest details, steal credit card numbers at the end of the day. So the client was happy. I mean, at first, I think they were kinda sad that we found something, right? They put a lot of time and effort into architecting this network, they thought they did things right but that's kind of our job is to show up and challenge that assumption. Like, I assume a network's strong and secure, that's why you hire guys like my team 'cause we show up and we challenge that and try to find things that you can fix to make it better.