Robot Hotel says sorry about the buggy bedside bots – Naked Security

Sure, there are fangs and claws, but it’s not the velociraptor receptionists that are your biggest security worry at Tokyo’s robot-staffed Henn na Hotel.

No, it’s been the cute little egg-shaped Tapia bots that sit right next to your bed, ready to tell you the weather, turn down the lights or, as one security engineer has disclosed, to let someone remotely view video footage from your bedside.

Security engineer Lance R. Vick disclosed the vulnerability a few weeks ago, saying that the problem is that the bots have unsigned code that lets a user tap an NFC tag to the back of the robot’s head to gain access via the streaming app of their choice. That means that guests can access the robot’s cameras and microphones so as to watch and listen in on anyone who rolls around in the bed in the future.

Vick says that he warned the parent company, HIS Hotel Group, about the problem 90 days prior to his disclosure. He didn’t hear back, so he went public with it on 11 October.

According to the Tokyo Reporter, the hotel group acknowledged the vulnerability but said that there’s no evidence that it has been exploited by creeps.

The company reportedly tweeted out an apology…

We apologize for any uneasiness caused

…and said that an unspecified “maintenance procedure” had been undertaken on the robots. Your guess is as good as ours when it comes to what that entails: sticky notes covering up the cameras? A wad of gum plugging up the microphones?