When one goes to a hotel, they might expect the occasional annoyance — maybe the food didn't live up to expectations, or the other guests were loud.
A complaint almost no one would expect to make is that they were being spied on by robots belonging to the hotel.
Yet, after an ethical hacker, Lance R. Vick, recently told Japan’s famous Henn na Hotel that its robots could be used to do just that, the hotel had to pull its bots to be reprogramed.
Vick flagged an NFC-related vulnerability to the hotel, telling them that their 100 egg-shaped Tapia robots could be hacked and used to spy on guests.
As is the accepted norm with ethical hacking, Vick gave the hotel 90 days to respond and fix the issue. As they didn't, he tweeted out a message to potential guests, warning them of the issue.
It has been a week, so I am dropping an 0day.— Lance R. Vick (@lrvick) October 12, 2019
The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests.
Unsigned code via NFC behind the head.
Vendor had 90 days. They didn't care. pic.twitter.com/m2z6yLbrzq
A belated apology
The statement said that “as a result of [its] investigation, it was confirmed that no unauthorized applications were installed,” and that “all of the countermeasures against the unauthorized access method . . . have been completed.”
Even though the risk seems to have been minimal, the company's lack of action over Vick's original messages and warnings certainly leaves a lot to be desired — especially when the company in question prides itself on being ahead of the curve when it comes to technology.