A Japanese hotel chain, HIS Group, has apologised for ignoring warnings that its in-room robots were hackable and enabled individuals to remotely view video footage from the devices.
According to reports, the Henn na Hotel is staffed by robots; guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room and facial recognition technology lets customers into their room, and then a bedside robot assists with other requirements.
Several weeks ago a security researcher revealed on Twitter that he had warned HIS Group in July about the bed-bots being easily accessible, noting they sported “unsigned code” allowing an user to tap an NFC tag to the back of robot’s head and allow access via the streaming app of their choice.
The researcher made the hack public after he did not hear back from the hotel. In addition, the vulnerability allowed guests access to cameras and microphones in the robot remotely, so they could watch and listen to anyone in the room in the future.
In a tweet, the HIS Group apologised and said the robots had been updated to fix the vulnerability.
Joseph Carson, expert in cybersecurity and chief security scientist at Thycotic, says this vulnerability is not surprising. Anything that is connected to the internet, whether it be a laptop, phone, webcam or even a hospitality robot, are all exposed to the risk of being hacked and abused, he notes.
“Devices that contain cameras used for simple functions, such as motion sensors, can absolutely be abused to record video, analyse that data and perform voice or facial recognition. In many incidents, the vendors who manufacture them do not provide the ability to turn them off which means they focus purely on ease of use and almost always sacrifice security as a result,” Mr Carson said.
The post #Privacy: Permitted robot hacking prompts apology from Japanese hotel appeared first on PrivSec Report.