A Japanese hotel chain equipped with in-room robots issued an apology after a security researcher found that its robot could have been hacked, allowing attackers to access the camera and microphone.
Security researcher Lance R. Vick found the robots in HIS Group (Henn na Hotel) hotel rooms were extremely vulnerable to attacks. He notified the company about the problem, but got no answer.
“It has been a week, so I am dropping an 0day. The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests. Unsigned code via NFC behind the head. Vendor had 90 days. They didn’t care,” said Lance on Twitter.
The researcher explained how easily an attacker could have compromised the robots by installing an audio or video streaming app, setting it to run by default, and then connecting to it remotely. In theory, someone staying at the Henn na Hotel in Tokio could have used the robots to watch subsequent guests in the rooms.
The robots, built by a company named Tapia, are designed to greet people as they enter the room, offer them the options to check the weather and even to shop online. Following the vulnerability report, the hotel chain apologized for the problem, and Tapia is said to have fixed it.
According to a report from the Tokio Reporter, this is not the first time Tapia was informed about a possible security issue with its robots, but the company deemed the risk was low.