Hackers took control of robot vacuums across the US earlier this year, allegedly making them shout racist obscenities in their owners’ homes.
Daniel Swenson, a lawyer based in Minnesota, tells Australia’s ABC News that his cleaning robot came into his living room and started shouting yelling in front of his wife and 13-year-old son. He said the voice sounded like a teenager.
The vacuums include remote-viewing features, meaning it may have been possible for the hackers to access their cameras remotely while inside their owners’ homes.
Another victim told ABC their dog was chased around their Los Angeles home by a rogue vacuum on May 24—the same day the Minnesota man had his vacuum breached.
The manufacturer, Ecovacs, confirmed that security breaches had occurred in an official statement, but denied its systems were compromised directly. The Chinese company blamed “credential stuffing,” where hackers use login details that have been re-used across multiple websites or apps to gain access to a system. For example, a hacker with someone’s Instagram password might also try it on Amazon or a bank website to see if it works there, too.
“Ecovacs has always prioritized product and data security, as well as the protection of consumer privacy,” it says. “We assure customers that our existing products offer a high level of security in daily life and that consumers can confidently use Ecovacs products.”
The firm advised users to use strong, unique passwords and strengthen their Wi-Fi security.
Stay Safe: 8 Ways to Protect Your Smart Home From Hackers
Readers’ Choice 2024: Your Favorite Robot Vacuum Brands
Readers’ Choice 2024: The Home Security Brands You Trust Most
The news comes after cybersecurity researchers Dennis Giese and Braelynn identified a myriad of security vulnerabilities in Ecovacs devices a few months ago. They used one of their robot’s Bluetooth connections to take control of the device from a distance of up to 450 feet. Once the device had been compromised via Bluetooth, the hackers could then remotely access the remote from anywhere in the world, provided the robot was connected to a Wi-Fi network.
As TechCrunch reports, the researchers, who presented their findings at this year’s Def Con conference, were also able to switch on robots’ microphones and cameras remotely during their research to spy on their owners.
Consumers have long been concerned about their smart devices invading their privacy. In 2020, a survey by PCMag found that 68% of respondents think that smart home devices listen to you when you aren’t aware, and share the data with the companies who make them.
