Industry News

In-Room Robots at Japanese Hotel Could Have Been Hacked to Spy on Guests

A Japanese hotel chain equipped with in-room robots issued an apology after a security researcher found that its robot could have been hacked, allowing attackers to access the camera and microphone.

Security researcher Lance R. Vick found the robots in HIS Group (Henn na Hotel) hotel rooms were extremely vulnerable to attacks. He notified the company about the problem, but got no answer.

“It has been a week, so I am dropping an 0day. The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests. Unsigned code via NFC behind the head. Vendor had 90 days. They didn’t care,” said Lance on Twitter.

The researcher explained how easily an attacker could have compromised the robots by installing an audio or video streaming app, setting it to run by default, and then connecting to it remotely. In theory, someone staying at the Henn na Hotel in Tokio could have used the robots to watch subsequent guests in the rooms.

The robots, built by a company named Tapia, are designed to greet people as they enter the room, offer them the options to check the weather and even to shop online. Following the vulnerability report, the hotel chain apologized for the problem, and Tapia is said to have fixed it.

According to a report from the Tokio Reporter, this is not the first time Tapia was informed about a possible security issue with its robots, but the company deemed the risk was low.

About the author

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.