Robot vacuum from popular brand has cameras and speakers hacked in new report
Robot vacuums are increasingly capable in terms of how accurately and thoroughly they can scrub a floor for their human owners. But are they that trustworthy in other, more important ways?
Brisbane, Australia resident Sean Kelly reportedly participated in an experiment to see if the robot vacuum he had had in his home for “the better part of a year” could really be “hacked” by a “payload” prepared by “independent security and privacy researcher” Dennis Giese.
It reportedly allowed journalist Julian Fell to hijack the robot vacuum from a park outside the fourth-floor office in which the robot was located, gaining accessing to all its functions “logs, WiFi credentials and...full network access” included.
Both Fell and Giese were able to view video and photos taken with the device's inbuilt camera, even though the latter was located in Berlin, Germany – thousands of miles away from its location. The attackers also claimed to be able to co-opt the vacuum's speaker in order to send a “creepy” message Kelly's way (“Hello Sean...I’m waaaatching you....”).
The vacuum in question - identified as a Deebot X2 from Ecovacs – did not apparently even play a warning noise when its camera was activated. Its OEM responded with claims that there is no reason for its users to “worry excessively” when Giese's findings were made public in December 2023, as “specialised hacking tools and physical access” are required to breach the device's data security.
Nevertheless, the researcher asserts that it took nothing more than wireless access to compromise the V2 (currently priced at $949.99 on Amazon). On the other hand, Giese does concede that physical access – and sometimes even a partial teardown – is indeed required to 'hack' other robot vacuums.
Ecovacs has publicly committed to fixing its “security issues”, but has yet to update all of its vacuums accordingly, its latest model of the time included. As for the V2 itself, its vulnerabilities will reportedly be patched, but not until November 2024.
Are you a techie who knows how to write? Then join our Team! Wanted:
- News translator (DE-EN)
- Review translation proofreader (DE-EN)
Details here