Oct 272019
 
 October 27, 2019  Posted by  Breaches, Business, Non-U.S., Surveillance

Graham Clulely picks up on an interesting story in The Register that I had missed last week. It’s about how Japanese hotel robots were vulnerable to hacking and spying on hotel guests. And how the vendor ignored a researcher’s responsible disclosure, so he went public. Graham points us to the tweet exposing the problem:

It has been a week, so I am dropping an 0day.

The bed facing Tapia robot deployed at the famous Robot Hotels in Japan can be converted to offer anyone remote camera/mic access to all future guests.

Unsigned code via NFC behind the head.

Vendor had 90 days. They didn’t care. pic.twitter.com/m2z6yLbrzq

— Lance R. Vick (@lrvick) October 12, 2019

Read more on GrahamCluley.com.  Entities ignoring notifications or not responding to them appropriately is an all-too-frequent problem, and sometimes, going publicly seems appropriate — and necessary — to protect the public by adding pressure to the entity to fix a problem.

Sorry, the comment form is closed at this time.