Japanese hotel chain, Henn na, has been forced to issue an apology after a major security flaw was discovered with their in-room robots by a security researcher.
The chains parent company, HIS Group, owns several locations across Japan that all use robots to carry out various tasks in the hotel. The robots are primarily used for checking guests in using facial recognition and for an in-room concierge service but are also used for various other tasks.
Although the hotel uses several robots, the particular robots that have been highlighted for having the security flaw are the in-room robots. The robots are designed to greet guests as they enter their room and provide a similar experience to modern smart assistants such as Amazon’s Echo or Google’s Home.
The flaw allows an attacker to essentially create a backdoor into the robot that gives them remote access to audio and video streams from the onboard camera and microphone. This would enable the attacker to see and hear everything going on in the hotel room, even after they have checked out/left the hotel.
The flaw was discovered by security researcher, Lance Vick, who says that he gave the vendor 90 days to deal with the issue that he had raised but they didn’t care. Vick tweeted:
“It has been a week, so I am dropping an 0day. The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests. Unsigned code via NFC behind the head. Vendor had 90 days. They didn’t care,”
In a statement, the Henn na Hotel responded by saying that they had removed the robots from the rooms to investigate them and have taken measures to protect them against unauthorised access. Even though the robots have been updated, the hotel stated that it deemed the risks of unauthorised access low.