Malicious hackers can take over control of vacuum and lawn mower robots made by Ecovacs to spy on their owners using the devices’ cameras and microphones, new research has found.

Security researchers Dennis Giese and Braelynn are due to speak at the Def Con hacking conference on Saturday detailing their research into Ecovacs robots. When they analyzed several Ecovacs products, the two researchers found a number of issues that can be abused to hack the robots via Bluetooth and surreptitiously switch on microphones and cameras remotely.

“Their security was really, really, really, really bad,” Giese told TechCrunch in an interview ahead of the talk.

The researchers said they reached out to Ecovacs to report the vulnerabilities but never heard back from the company, and believe the vulnerabilities are still not fixed and could be exploited by hackers.

  • Lifecoach5000@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    4 months ago

    I’m not super happy about it, but my roomba is absolutely essential now that I’ve been spoiled with it. I don’t like the idea of any of my appliances being online straight tied to a vendor’s app and service - but I’m willing to accept the trade off in this instance. Maybe someday I’ll upgrade to a different robot vac. I know there are FOSS setups to work around some of those challenges and circumvent some of the BS.

      • Lifecoach5000@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        4 months ago

        I dispise vacuuming and sweeping and I have 2 canines, so there’s a lot of fur and grime on the floor that needs regular tending to. I bought the roomba model that is self charging and self emptying, so you can just let it run in a set it and forget it fashion.

        Alternatively, it also actually helps motivate me to do other chores as well. I have to pick up everything off the floor before running the vac, and at that point I just start tidying up other things while letting it run.

        • Wildly_Utilize@infosec.pub
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          Oh OK cool I didn’t realize they had self cleaning ones now. That does sound really convenient for hairy dogs

          • Solemn@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Mine also mops, refills the mop water and soap, washes it’s own mop, and drains the dirty water down the drain.

      • dirthawker0@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        I hate lugging around that heavy noisy thing, and I don’t have pets. I’m a bit shocked at how much hair two humans drop in a week. The robovac runs twice a week and I empty it once a week, and it keeps the more open/obvious spaces looking pretty pristine. Dust on a shiny floor really shows. There are places where it cannot go and those need to be done by me, but they’re less visible areas so no need for frequent vacuuming.

    • skyspydude1@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      The good news with iRobot is that they actually have pretty solid cybersecurity. They also do a pretty great job of supporting parts for old robots and make them quite easy to repair. For a typical consumer product, I feel like they’re far better than most companies in terms of how shitty they could be vs how shitty they actually are.