Bob had a bad night: IoT mischief in a capsule hotel takes neighborly revenge to the next level

Researchers have revealed how security vulnerabilities could be exploited to compromise hotel Internet of Things (IoT) devices -- and take revenge on loud neighbors.

IoT devices are now commonplace both in businesses and in the home. These internet and often Bluetooth-connected products range from security cameras to smart lighting; fridges that monitor your foodstuffs, pet trackers, intelligent thermostats -- and in the hospitality space, IoT is also employed to give guests more control over their stay.

These services are sometimes offered through dedicated apps and tablets, allowing the management of lights, heaters, air conditioning, televisions, and more.

However, the moment you network IoT and hand over control to third parties, you may also give individuals the keys to a digital kingdom -- and the ability to cause mischief, or worse.

Vulnerabilities in IoT devices vary. They can range from hardcoded, weak credentials to bugs that allow local attackers to hijack devices; remote code execution (RCE) flaws, information-leaking interfaces, and to a lack of security and firmware updates -- the latter of which is a frequent problem in legacy and early IoT products.

Speaking at Black Hat USA, Las Vegas, security consultant Kya Supa from LEXFO explained how a chain of security weaknesses were combined and exploited to gain control of rooms at a capsule hotel, a budget-friendly type of hotel offering extremely small -- and, therefore, cozy -- spaces to guests, who are stacked side-by-side.