Japanese hotel robots can be hacked to spy on guests in their bedrooms

Graham Cluley

There’s a hotel near Nagasaki, Japan, which is staffed by robots.

You can choose to be checked in to your room at the Henn na Hotel either by a robot in the shape of a dinosaur or a blank-faced fembot, because… well, Japan.

As The Register describes, once you make it up to the room and unlock the door through facial recognition (what happens if there’s a power cut?), all your other requirements are handled by a bedside robot.

If it sounds bonkers that’s because it is bonkers and – you may not be surprised to hear – not entirely popular with guests.

In fact, in January this year it was reported that the hotel was halving its robotic workforce, as many of the robots were better at creating work for humans than reducing it:

“The Henn na Hotel in Japan, translated as Strange Hotel, found that robots annoyed the guests and would often break down. Guests complained their robot room assistants thought snoring sounds were commands and would wake them up repeatedly during the night. Meanwhile, the robot at the front desk could not answer basic questions. Human staff ended up working overtime to repair robots that stopped working.”

Who would have imagined that dinosaurs wouldn’t make the perfect hotel receptionist?

Anyway, it turns out that the hotel’s problems haven’t ended there.

Security researcher Lance R Vick has revealed that back in July he informed the HIS Group, which runs the Henn na Hotel, that the bedside robots found in each room can be easily hacked to allow anyone to remotely spy on guests.

According to Vick, “unsigned code” on the bed-facing bots allows a user to tap an NFC tag on the back of its head, and grant access via a streaming app of their own choosing.

Having not received any response from the hotel chain, Vick decided to publicly reveal details of his hack in the hope that media attention would stir the company into action and warn unsuspecting hotel guests that their nocturnal activities might be snooped upon.

Vick even went so far as to pay for a promoted tweet to spread word of the flaw, frustrated that the news may not spread far enough.

His tactic seems to have worked. Local media reports claim that HIS Group has now acknowledged that a flaw exists and is taking steps to resolve the issue.

Maybe privacy-conscious guests would be wise not to place too much trust in gizmo-obsessed hotels and, if they do find themselves booked into such a bonkers hotel room, to unplug any unnecessary robot gadgets.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
