A Blog by Jonathan Low

 

Oct 25, 2019

Hotel Robots Hacked So Perps Could Watch Guests

Of course, in today's social media obsessed culture, there could be guests who find that a feature not a bug. JL

John Oates reports in The Register:

The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room. (But) its in-room robots were hackable to allow pervs to remotely view video footage from the devices.Facial recognition tech will let customers into their room and then a bedside robot will assist with other requirements. A security researcher revealed that he had warned HIS Group in July about the bed-bots being easily accessible, noting they sported "unsigned code" allowing a user to tap an NFC tag to the back of robot's head and allow access via the streaming app of their choice.
Japanese hotel chain HIS Group has apologised for ignoring warnings that its in-room robots were hackable to allow pervs to remotely view video footage from the devices.
The Henn na Hotel is staffed by robots: guests can be checked in by humanoid or dinosaur reception bots before proceeding to their room.
Facial recognition tech will let customers into their room and then a bedside robot will assist with other requirements. However several weeks ago a security researcher revealed on Twitter that he had warned HIS Group in July about the bed-bots being easily accessible, noting they sported "unsigned code" allowing a user to tap an NFC tag to the back of robot's head and allow access via the streaming app of their choice.
Having heard nothing, the researcher made the hack public on 13 October. The vulnerability allows guests to gain access to cameras and microphones in the robot remotely so they could watch and listen to anyone in the room in the future.
The hotel is one of a chain of 10 in Japan which use a variety of robots instead of meat-based staff.
So far the reference is only to Tapia robots at one hotel, although it is not clear if the rest of the chain uses different devices.
The HIS Group tweeted: "We apologize for any uneasiness caused," according to the Tokyo Reporter.
The paper was told that the company had decided the risks of unauthorised access were low, however, the robots have now been updated.
The chain has suffered a bunch of other issues with the robots, including problems with voice recognition systems reacting to guests snoring and a failure of the reception dinosaurs to understand guests' names. ®

0 comments:

Post a Comment