World-famous robots from Japanese hotels could be used by cybercriminals to track visitors. Back in 2015, in the Japanese city of Sasebo (Nagasaki Prefecture), was opened world’s first Henn na Hotel, there guests are served exclusively by robots. It is owned by the HIS Group. Currently, there are more than five such hotels in Japan.
These are not only world-famous dinosaur robots at the front desk, but also cleaners, porter and even robots that help put clothes in the closet.In the rooms, on the bedside tables, are installed special Tapia robots, which help to address needs of guests. In mid-October of this year, information security researcher Lance R. Vick announced on Twitter that these robots are unsafe.
“The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests. Unsigned code via NFC behind the head. Vendor had 90 days. They didn’t care”, — wrote Lance R. Vick в Twitter.
He warned representatives of the HIS Group about the problem last summer, but did not wait for an answer and therefore decided to talk about the vulnerability to the public.
Vic writes that, due to the robots’ easy availability, anyone can use the NFC-tag on the “head” of the machine, go to settings, enable installation if unchecked applications, use the browser and install any streaming audio or video application, adding it to autorun.
By restarting the device, the attacker guarantees himself remote access to the audio or video stream at any time. That is, it gets the opportunity to monitor the guests of the room through the built-in camera and microphone.
Tokyo Reporter writes that HIS Group representatives publicly apologize to all visitors who may have been affected by this compromise.
“We apologize for any uneasiness caused. A maintenance procedure had been undertaken on the robots”, — H.I.S said in a tweet.
Although in the company considered that the risks described by the researcher, as unauthorized access, were small, all potentially vulnerable robots were nevertheless updated to remove the vulnerability.