Graham Cluley picks up on an interesting story in The Register that I had missed last week. It’s about how Japanese hotel robots were vulnerable to hacking and could be used to spy on hotel guests, and how the vendor ignored a researcher’s responsible disclosure, so he went public. Graham points us to the tweet exposing the problem:
It has been a week, so I am dropping an 0day.
The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests.
Unsigned code via NFC behind the head.
Vendor had 90 days. They didn’t care. pic.twitter.com/m2z6yLbrzq
— Lance R. Vick (@lrvick) October 12, 2019
Read more on GrahamCluley.com. Entities ignoring notifications or not responding to them appropriately is an all-too-frequent problem, and sometimes, going public seems appropriate, and necessary, to protect the public by adding pressure to the entity to fix a problem.