The Japanese hotel chain HIS Group admitted that its in-room robots were vulnerable and could allow hackersto remotely view video footage from the devices.
The personnel at the Henn na Hotel managed by the Japanese hotel chain HIS Group is composed of robots that provide hospitality services to the guests.
The HIS Group hotel chain has 10 locations in Japan that used robots instead of human personnel to provide some services.
The robots use facial recognition to perform check-in operations before access to their rooms and assist them during their stay at the hotel. Now the HIS Group admitted that the in-room robots were vulnerable to hack and could allow remote attackers to view video footage from the devices.
On October 12, 2019, the researcher Lance R. Vick (@lrvick) revealed that he reported a zero-day flaw in the robots to the company in July, but he was ignored by the HIS Group.
The expert discovered an “unsigned code” that could allow an attacker to access video footage via the streaming app of their choice by tapping an NFC tag to the back of robot’s head.
The expert explicitly mentions Tapia robots used in a specific hotel, it is not clear if other locations use different models of robots.
“The operator of the robot-staffed Henn na Hotel chain announced last week that a modification has been made to prevent exploits by guests, reports TV Asahi (Oct. 18).” reported the Tokyo Reporter.
“On October 16, travel firm H.I.S. Hotel Group acknowledged that it had been possible for persons to gain unauthorized access to its 100 Tapia robots at Henn na Hotel Maihama Tokyo Bay, located near Tokyo Disney Resort.“
The HIS Group apologized for any uneasiness caused.
This was not the first time that the Tapia robots used by the hotel chain made the headlines. On July 6, the company was informed by a guest about a security flaw affecting this model of robots.
According to TV Asahi, the manufacturer of the Tapia robots was informed of the issue, but it determined that “the risk of unauthorized access was low,”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.