Malicious hackers can take over control of vacuum and lawn mower robots made by Ecovacs to spy on their owners using the devices’ cameras and microphones, new research has found.
Security researchers Dennis Giese and Braelynn are due to speak at the Def Con hacking conference on Saturday detailing their research into Ecovacs robots. When they analyzed several Ecovacs products, the two researchers found a number of issues that can be abused to hack the robots via Bluetooth and surreptitiously switch on microphones and cameras remotely.
“Their security was really, really, really, really bad,” Giese told TechCrunch in an interview ahead of the talk.
The researchers said they reached out to Ecovacs to report the vulnerabilities but never heard back from the company, and believe the vulnerabilities are still not fixed and could be exploited by hackers.
zaphod@sopuli.xyz 3 months ago
Am I the only one who thinks vacuums, washing machines, fridges and so on shouldn’t be connected to the internet?
tudor@lemmy.world 3 months ago
I’d like some of them to connect to my local network, but not the Internet. I’ll work it out myself from there onwards and make some remote control solution myself, thank you.
GreyEyedGhost@lemmy.ca 3 months ago
I don’t disagree, but I think automation is cool, especially if you can keep it local (or have the tools to secure it on the internet). Valetudo can help make that possible. My current robot vacuum is pretty crappy, but it doesn’t have cameras or mapping. My next will be one that has mapping and can be easily flashed with local hosting.
MrPoopbutt@lemmy.world 3 months ago
Flashing a Dreame L10s was difficult but worth it. I’d recommend it if you have the expertise. I did end up having to buy a USB breakout board from eBay, though.
JudahBenHur@lemm.ee 3 months ago
No, you are not. I will not buy an internet-connected anything as long as possible.
Telorand@reddthat.com 3 months ago
I’ve seen tower fans with Wifi. Why on earth does a fan need to contact the internet?
Lifecoach5000@lemmy.world 3 months ago
I’m not super happy about it, but my Roomba is absolutely essential now that I’ve been spoiled with it. I don’t like the idea of any of my appliances being online straight tied to a vendor’s app and service - but I’m willing to accept the trade-off in this instance. Maybe someday I’ll upgrade to a different robot vac. I know there are FOSS setups to work around some of those challenges and circumvent some of the BS.
Wildly_Utilize@infosec.pub 3 months ago
As someone who has never felt the need for a Roomba:
What do you like so much about it?
skyspydude1@lemmy.world 3 months ago
The good news with iRobot is that they actually have pretty solid cybersecurity. They also do a pretty great job of supporting parts for old robots and make them quite easy to repair. For a typical consumer product, I feel like they’re far better than most companies in terms of how shitty they could be vs how shitty they actually are.
lemmee_in@lemm.ee 3 months ago
I don’t even have a smart tv, I don’t want anything other than my phone and laptop connected to the internet.
barsquid@lemmy.world 3 months ago
I keep asking this in comments around this kind of article. People are like, “it’s convenient though.”
Imgonnatrythis@sh.itjust.works 3 months ago
With pets at home a robot camera can be kind of nice. Seems obvious that security needs to be a priority with something like that though. It’s just a shame these companies are so sloppy with it.