A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit.
In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the Henn na Hotel Maihama Tokyo Bay, according to the Tokyo Reporter, citing TV Asahi in an article that was recently picked up on by multiple cybersecurity news outlets. Henn na in English is translated as “weird or strange.”
Various robots can be found in the lobbies and rooms of 10 Henn na Hotel hotels operating nationwide, the report explains. The room-based IoT devices, at least some of which look like large hatching eggs with a screen emerging from a large crack, allow guests to check the weather, shop online or connect to their smartphones.
But independent researcher Lance Vick said in a tweet earlier this month that hackers with bad intentions could also abuse the robots’ near field communication (NFC) feature to spy on people.
“The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests,” wrote Vick, who said he attempted to contact relevant parties on two separate occasions. “Unsigned code via NFC behind the head. Vendor had 90 days. They didn’t care.”
Vick recited the steps in another tweet: “1. Tap an NFC tag to the back of the head with any url which breaks out of the “jail.” 2. Go to settings, allow untrusted apps. 3. Use browser to install streaming audio/video app of choice. 4. Set to autorun. 5. Reboot. 6. Watch stream remote whenever you want.”
Shortly thereafter, H.I.S. said it made changes to prevent such an exploitation. “We apologize for any uneasiness caused,” the company reportedly said in a tweet.
It is not clear from the various reports if other Henn na Hotels outside of the Maihama Tokyo Bay location was or is susceptible to the same robot vulnerabilities.