Hotel's in-room assistants could have been used to spy on guests

Tokyo hotel performs emergency update to patch vulnerability exposed by ethical hacker.


A hotel known for using robots and quirky animatronics is making the wrong kinds of headlines for its in-room smart assistants. Henn na Hotel, a Tokyo-based, robot-staffed chain, has announced it recently modified 100 egg-shaped bedside robots to prevent an exploit that would give hackers in-room camera and mic access.

The vulnerability was made public by security engineer Lance R. Vick, who identified the flaw and warned both the hotel and vendor to no avail. After no action was taken in the allotted 90 days by the hotel chain, Vick, who is part of an ethical hacker group called "#!", turned to Twitter.

"The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests. Unsigned code via NFC behind the head. Vendor had 90 days. They didn't care."

Last week, H.I.S. Hotel Group, which runs the Henn na Hotel Maihama Tokyo Bay, located near Tokyo Disney, acknowledged the vulnerability, admitting that it had been possible for persons to gain unauthorized access to its 100 Tapia devices. Though widely reported to be robots, the egg-shaped devices are actually smart assistants that provide guests with useful information and connect them to online shopping. The eggs connect to smartphones and streaming devices and offer guests. The devices also can stream remote video and audio from the system's cameras and mics.

Vick gave Gizmodo a peek into how he identified the vulnerability:

I wear an NFC ring, and as I was exploring the back of the device with my hands, it generated a "boop"–evidence of a hidden NFC reader. I put my ring on the area again, which has an embedded URL. Sure enough, the screen broke out of the "eyes" app into the main Android interface and launched a browser. From there, I found a random APK file which prompted the "go to settings to enable untrusted apps" notification, with a link to the "Settings" app. I was then able to check "enable untrusted apps," install any app I wanted and set up said app to run on boot. In the most obvious and dangerous case, I could have installed VLC or another network streaming app to spy on future guests.

The Tokyo Reporter first broke the story. The hotel group responded with a less-than-dazzling mea culpa tweet: "We apologize for any uneasiness caused."

Tapia devices are manufactured by MJI Robotics.