Monday, November 11, 2024

Ecovac Robot Vacuums Taken Control By Hackers In Multiple Cities

Numerous robot vacuums were hacked over the past few days in several U.S. cities. Not only did the attacker take control of the robot but they also yelled racial slurts through the speakers.

The affected vacuums were all Evocavs Deebot X2s, which was released earlier this year.

Daniel Swenson, who resides in Mineesota, said he was watching television when his robot vacuum started to behave strangely. He could hear what sounded like a ‘broken-up radio signal’ coming from the speakers, as well as a voice.

ecovacs app
Ecovacs robot vacuums can be controlled remotely via the app

He immediately opened the Ecovacs app, and was shocked at what he saw – a stranger accessing the robot’s live camera feed. They were also controlling the robot’s movements via the remote control feature.

Swenson originally thought it was a glitch and reset his app password, before rebooting the vacuum. He then sat back on the sofa with his family.

Within seconds, however, the vacuum started to move again and this time, it began to yell obscenities over and over again. So he turned his robot off.

While the ordeal was shocking, he said it could have been worse as they sometimes keep the robot vacuum near the bathroom in the master bedroom. He’s also glad that the hacker made himself known immediately, as opposed to having observed his family in silence.

Ecovacs Robot Vacuums Hacked in Several Cities

Several people across the U.S. reported similar instances within the same week.

One Deebot X2 not only yelled abusive comments through the onboard speakers but also chased its owner’s pet around their home.

Another Ecovacs vacuum robot in El Paso began to shout racial obscenities until it was unplugged.

deebot
All of the affected robot vacuums were Ecovacs Deebot X2s

It’s currently unknown how many Ecovacs robots were hacked in total.

Six months earlier, security experts had warned the company that there were ‘significant security issues’ in the robots as well as the app. They said the most severe flaw was with the Bluetooth connector, which allowed individuals to access the Deebot X2s from more than 100 meters away.

Given how the hacker took control of robots across several cities however, it’s unlikely that they took advantage of this particular vulnerability.

The more possible explanation is that the robots had a faulty PIN code system, meaning their video feeds and remote control features were unprotected. This would allow the hacker to take control of several devices in different locations.

Ecovacs’ Response

Following the incident with his robot vacuum, Swenson officially made a complaint to the China-based company.

swensen
Swenson was watching TV with his wife and son when their vacuum began to act strangely

Eventually, he was contacted by a senior employee that was based in the U.S.

To his surprise, however, the employee had a disbelieving tone and kept repeating that he should have taken a video of what was happening.

Swenson told him he were too busy trying to deal with the hacked robot vacuum in their home that was watching and potentially recording his family.

It wasn’t until later on that he was told the company had launched a ‘security investigation’.

They eventually told Swenson via email that his Ecovacs account had been compromised and that they had identified the attacker’s IP address and had disabled it so it would no longer be able to access the vacuum and app.

 

Brooke Carter
Brooke Carter
Freelance writer who loves dogs and anything related to Japanese culture.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here