In light of the recent hotel room searches happening in Resort World, Las Vegas, one hacker has detailed his experience at a hotel in Vegas whilst visiting the Black Hat conference in 2013.
Black Hat 2024 has now ended, and many who attended the conference reported receiving a preemptive note from the hotel Resort World explaining that random room checks would be conducted throughout their stay.
The note read that hotel staff “will be conducting scheduled, brief visual and non-intrusive room inspections daily beginning Monday, August 5th.”
Pre-convention activities started for Black Hat on Saturday, August 3rd, which runs through August 8th, overlapping with DEF CON, whose final event day is August 11th.
Unsurprisingly, many were shocked at this revelation, and many hackers were concerned by the room checks.
However, as the white hat hacker and security researcher Thaddeus Grugq, known as ‘thegrugq’ on X, said, people forget that a hotel room shouldn’t be treated like a home, and this note makes it clear that your belongings aren’t necessarily safe.
In a newsletter crafted by Grugq, the hacker tells the story of how his hotel room didn’t feel like a home, instead, it was a hostile environment that was potentially being surveilled.
Firstly, Grugq states, “By making it explicitly clear that rooms are not secure and will be searched, the hotel has done a great service to the community.”
Having known this prior to his stay at Black Hat in 2013, Grugq said that he took measures to make sure that his belongings, mainly the belongings he put in the hotel safe, weren’t being tampered with.
To check if his belongings were being tampered with, the hacker configured them in a specific way and took before-and-after photos of the inside of the safe.
Pics from my hotel safe in Vegas, before: pic.twitter.com/bHCVlUX4c0
undefined thaddeus e. grugq (@thegrugq) August 13, 2013
Pics from my hotel safe in Vegas, after: pic.twitter.com/MglekMkizb
undefined thaddeus e. grugq (@thegrugq) August 13, 2013
“As you can see, some sort of localized seismic event caused the contents to move around,” the hacker said.
“My travel router shifted 5cm to the left (about three and a half aspirins), my other travel router went backward a couple of centimeters (approximately one-fiftieth as tall as Danny DeVito), and my Movies USB spun around 60 degrees and moved roughly 1cm (8 grains of sand) to the left,” he explained.
“Fortunately, this seismic incident was entirely restricted to the inside of my safe, and no one was injured,” Grugq joked.
This incident gives credence to the point that people are most likely checking your hotel room. Even if you think that you’ve stored your valuables in a safe space, nothing is impenetrable.
Hackers consistently develop software and gadgets that look suspicious to the untrained eye. So, not properly securing your belongings could allow bad actors to tamper with your equipment or steal your data.
However, the hacker has three helpful tips for determining whether your room is being searched without your knowledge.
- Take before-and-after photos like Grugq did. If the items have been moved, you know someone has been in your room.
- Scatter small objects like coins to create unique patterns around your belongings. This will make any changes to the configuration of your valuables easier to spot.
- Put cups around your things to block access. Use a compass to configure your belongings in a specific direction. Then, you can check that they are in the same position when you return.
The point Grugq is making is that your equipment might not be tampered and your data may not be stolen if you leave your belongings unattended.
Instead, it’s best to assume that strangers will be coming into and out of your hotel room, some even actively looking for “hacker stuff.”
“The key takeaway is to think of a hotel room as sort of like email in that it feels private, but it isn't. Don't leave anything in your hotel room that you wouldn't leave with the security services,” Grugq concluded.
“These inspections are a precautionary measure intended to enhance our on-site security presence (both physical security and cybersecurity), maintain the integrity of our property’s services, and safeguard our guests, business partners, and staff against potential cyberattack threats,” Resorts World said.
Your email address will not be published. Required fields are markedmarked