Home Security Japanese Hotel Apologizes As It Addresses Vulnerability In Hotel Robots

Japanese Hotel Apologizes As It Addresses Vulnerability In Hotel Robots

by ethhack

Internet-of things is seemly always vulnerable to security flaws. From individual users to the corporate sector, these IoT flaws have always impacted users. Once again, a Japanese hotel fell victim to such a vulnerability in its in-room robots. Exploiting the flaw could allow spying on the customers.

Vulnerability In Japanese Hotel Robots

Security researcher Lance R. Vick spotted a vulnerability in the Tapia robots installed in a Japanese hotel. He found that the zero-day vulnerability, upon exploit could allow spying on customers.

‏The vulnerable robots served as in-room assistants in the Henn na Hotel Maihama Tokyo Bay. The Henn na Hotel chain of hotels belongs to the H.I.S. Hotel Group. The robots at these hotels provided guests with online facilities, such as weather updates, online shopping, and other services. To use the facility, the guests would have to connect the robots to their smartphones.

Due to the vulnerability, it became possible for anyone to exploit the robots to remotely view the hotel room.

The flaw surfaced online after the researcher shared about it in his tweet.

Specifically the NFC tag in the robots allowed for unsigned code to run. Highlighting the exploit in his tweet, Vick stated,

Hotel Apologized And Pledged A Fix

As highlighted by Tokyo Reporter, Vick first spotted the vulnerability in July 2019. He even sent an email to the hotel authorities informing them of the flaw. However, according to a statement from H.I.S., the officials treated the email as spam and paid no heed.

Eventually, when the researcher witnessed no action from HIS, he disclosed the vulnerability publicly via tweet.

Later on, the hotel authorities took the matter seriously and updated the robots with patches. In addition to apologizing for the flaw, they have also assured no malicious exploitation of the bug earlier. As stated in their statement [translated],

All robots were withdrawn from the guest room and investigated. It has been confirmed that it has not been installed.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Related Articles

Leave a Comment