A threat actor has hacked robot vacuums in US households, causing them to torment household pets and shout racial slurs.
According to an ABC report, the hacker took remote control of several Ecovacs Deebot X2s before using their live camera feed and remote control feature to cause chaos for device owners.
One user who spoke with the ABC restarted the device and reset his password, but the robot vacuum continued to cause issues.
“I got the impression it was a kid, maybe a teenager,” said the owner, speaking with the ABC. “Maybe they were just jumping from device to device, messing with families.”
The owner said his main concern was the ability of the device to be used for surveillance and spying, and he worried it would be able to watch him or his family undressed. The issue was only resolved when the device was turned off and then stored in the garage.
The ABC reported another user who had their Deebot X2 hacked, resulting in it chasing their dog around the house as it shouted racial slurs.
It is currently unknown just how many devices were affected.
Earlier this month (4 October), the ABC proved that the Deebot X2 had a security flaw by hacking into one and taking control of the video feed.
As with the illegally hacked devices in the US, the vacuum failed to play the alarm that notifies the owner that the camera is being used.
Similarly, security researchers had previously told Ecovacs that its devices have security flaws, including one that allowed threat actors to take control of them through the Bluetooth connector from over 100 metres away. A second flaw was in the PIN system for accessing the video feed and remote control.
While Ecovacs patched the issue, sources speaking with the ABC said the fixes were insufficient.
Ecovacs is reportedly issuing a firmware update in November to bolster security further in response to the ABC’s findings.
“Ecovacs respects the practice of security experts who identify potential vulnerabilities through research and proactively share their findings with companies. We believe that the interaction between security experts and companies, through offensive and defensive testing and the publication of results, contributes to the improvement of product security,” it said in a statement.
“Ecovacs has always prioritised product and data security, as well as the protection of consumer privacy. We assure customers that our existing products offer a high level of security in daily life and that consumers can confidently use Ecovacs products.
“We have improved the Ecovacs X2 Remote Live Video PIN bypass issue in August 2024. Only the X2 Series has this vulnerability, which will be corrected in November via an OTA firmware update. No other Ecovacs models are affected.”