Robot vacuum cleaners shout racial slurs, chase pets after cyber attack
A threat actor has hacked into robot vacuum cleaners in American homes, forcing them to torment pets and shout racial slurs.
According to an ABC report, the hacker took remote control of several Ecovacs Deebot X2 vacuums before using the live camera feed and remote control feature to cause chaos for device owners.
One user who spoke with the ABC said that even after restarting the device and resetting its password, the robot vacuum continued to cause problems.
“I got the impression he was a boy, maybe a teenager,” the owner said, speaking to the ABC. “Maybe they were just jumping from device to device, playing with families.”
The owner said his main concern was the device’s ability to be used for surveillance and spying, and he was concerned that it could see him or his family undress. The problem was only resolved when the device was turned off and then stored in the garage.
The ABC reported on another user whose Deebot X2 was hacked, causing it to chase his dog around the house while yelling racial slurs.
It is currently unknown how many devices were affected.
Earlier this month (October 4), the ABC demonstrated that the Deebot X2 had a security flaw by hacking into one and taking control of the video stream.
As with the illegally hacked devices in the US, the vacuum cleaner did not sound the alarm that notifies the owner that the camera is being used.
Similarly, security researchers had previously told Ecovacs that its devices have security flaws, including one that allowed threat actors to take control of them via the Bluetooth connection from more than 100 meters away. Another showed that the PIN system for accessing the video stream and remote control was faulty.
While Ecovacs fixed the problem, sources who spoke to the ABC said the fixes were insufficient.
Ecovacs will reportedly release a firmware update in November to further strengthen security in response to the ABC's recommendations.
“Ecovacs respects the practice of security experts identifying potential vulnerabilities through investigations and proactively sharing their findings with companies. We believe that the interaction between security experts and companies, through offensive and defensive tests and the publication of results, contributes to the improvement of product security,” the company said in a statement.
“Ecovacs has always prioritized product and data security, as well as the protection of consumer privacy. We assure customers that our existing products offer a high level of safety in daily life and that consumers can use Ecovacs products with confidence.
“We have improved the Ecovacs X2 remote live video PIN bypass issue in August 2024. Only the X2 series has this vulnerability, which will be fixed in November via an OTA firmware update. No other Ecovacs models are affected.”