Security Architecture, Endpoint/Device Security, IoT, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Report: Hotel chain modifies bed-facing robots to prevent unwanted spying

A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit.

In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the Henn na Hotel Maihama Tokyo Bay, according to the Tokyo Reporter, citing TV Asahi in an article that was recently picked up on by multiple cybersecurity news outlets. Henn na in English is translated as "weird or strange."

Various robots can be found in the lobbies and rooms of 10 Henn na Hotel hotels operating nationwide, the report explains. The room-based IoT devices, at least some of which look like large hatching eggs with a screen emerging from a large crack, allow guests to check the weather, shop online or connect to their smartphones.

But independent researcher Lance Vick said in a tweet earlier this month that hackers with bad intentions could also abuse the robots' near field communication (NFC) feature to spy on people.

"The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests," wrote Vick, who said he attempted to contact relevant parties on two separate occasions. "Unsigned code via NFC behind the head. Vendor had 90 days. They didn't care."

Vick recited the steps in another tweet: "1. Tap an NFC tag to the back of the head with any url which breaks out of the "jail." 2. Go to settings, allow untrusted apps. 3. Use browser to install streaming audio/video app of choice. 4. Set to autorun. 5. Reboot. 6. Watch stream remote whenever you want."

Shortly thereafter, H.I.S. said it made changes to prevent such an exploitation. "We apologize for any uneasiness caused," the company reportedly said in a tweet.

It is not clear from the various reports if other Henn na Hotels outside of the Maihama Tokyo Bay location was or is susceptible to the same robot vulnerabilities.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.