A Japanese hotel chain equipped with in-room robots issued
an apology after a security researcher found that its robot could have been
hacked, allowing attackers to access the camera and microphone.
Security researcher Lance R. Vick found the robots in HIS
Group (Henn na Hotel) hotel rooms were extremely vulnerable to attacks. He
notified the company about the problem, but got no answer.
“It has been a week, so I am dropping an 0day. The
bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be
converted to offer anyone remote camera/mic access to all future guests.
Unsigned code via NFC behind the head. Vendor had 90 days. They didn’t
care,” said
Lance on Twitter.
The researcher explained how easily an attacker could
have compromised the robots by installing an audio or video streaming app, setting
it to run by default, and then connecting to it remotely. In theory, someone
staying at the Henn na Hotel in Tokio could have used the robots to watch subsequent
guests in the rooms.
The robots, built by a company named Tapia, are designed
to greet people as they enter the room, offer them the options to check the
weather and even to shop online. Following the vulnerability report, the hotel
chain apologized for the problem, and Tapia is said to have fixed it.
According to a report
from the Tokio Reporter, this is not the first time Tapia was informed about a
possible security issue with its robots, but the company deemed the risk was low.