Notebookcheck Logo

Robot vacuum from popular brand has cameras and speakers hacked in new report

The Deebot X2. (Image source: Ecovacs)
The Deebot X2. (Image source: Ecovacs)
Automatic floor cleaners are one of the most popular and widespread form of household robots right now. However, they come with potential privacy issues that are much less desirable, according to a smart home security researcher. One particular robot vacuum located in Australia reportedly contains vulnerabilities that allow attackers to hijack its camera and speakers completely wirelessly and remotely.

Robot vacuums are increasingly capable in terms of how accurately and thoroughly they can scrub a floor for their human owners. But are they that trustworthy in other, more important ways?

Brisbane, Australia resident Sean Kelly reportedly participated in an experiment to see if the robot vacuum he had had in his home for “the better part of a year” could really be “hacked” by a “payload” prepared by “independent security and privacy researcherDennis Giese.

It reportedly allowed journalist Julian Fell to hijack the robot vacuum from a park outside the fourth-floor office in which the robot was located, gaining accessing to all its functions “logs, WiFi credentials and...full network access” included.

Both Fell and Giese were able to view video and photos taken with the device's inbuilt camera, even though the latter was located in Berlin, Germany – thousands of miles away from its location. The attackers also claimed to be able to co-opt the vacuum's speaker in order to send a “creepy” message Kelly's way (“Hello Sean...I’m waaaatching you....”).

The vacuum in question - identified as a Deebot X2 from Ecovacs – did not apparently even play a warning noise when its camera was activated. Its OEM responded with claims that there is no reason for its users to “worry excessively” when Giese's findings were made public in December 2023, as “specialised hacking tools and physical access” are required to breach the device's data security.

Nevertheless, the researcher asserts that it took nothing more than wireless access to compromise the V2 (currently priced at $949.99 on Amazon). On the other hand, Giese does concede that physical access – and sometimes even a partial teardown – is indeed required to 'hack' other robot vacuums.

Ecovacs has publicly committed to fixing its “security issues”, but has yet to update all of its vacuums accordingly, its latest model of the time included. As for the V2 itself, its vulnerabilities will reportedly be patched, but not until November 2024.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Mail Logo
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2024 10 > Robot vacuum from popular brand has cameras and speakers hacked in new report
Deirdre O'Donnell, 2024-10- 4 (Update: 2024-10- 4)