Japan is a country that loves its robots where we’ve seen various industries take advantage of it, where it can be used as a greeter in stores or as a way to help passengers find their way around the airport. We’ve also seen how some hotel chains in the country are using robots to help guests check in.
However, it seems that the rush to embrace technology could have resulted in some privacy breaches. According to security researcher Lance R. Vick, he tweeted how a Japanese hotel chain that employs the use of a bedside robot could have potentially been breached where hackers could use it to spy on guests.
According to Vick, this is apparently due to unsigned code via the NFC on the back of the robot, where anyone could tap on it and access it via a streaming app of their choice, allowing hackers to watch guests in their room while they slept. Vick claims that he reached out to the hotel chain but did not hear anything back, and after 90 days, he decided to release his findings online.
It has been a week, so I am dropping an 0day.
The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests.
Unsigned code via NFC behind the head.
Vendor had 90 days. They didn't care. pic.twitter.com/m2z6yLbrzq
— Lance R. Vick (@lrvick) October 12, 2019
Following the public revelation, the hotel chain has since issued an apology. It is unclear if any of these robots were breached and if any guests were spied upon, but the vulnerability definitely made it possible.