Robot vacuum cleaners across the country were hacked within the space of several days, according to reporting by ABC News. This allowed the attackers to not only control the robovacs, but also use their speakers to hurl racial slurs and abusive comments at anyone nearby.
All of the affected robots were of the same make and model, the Chinese-made Ecovacs Deebot X2. This particular robovac has earned a reputation for being easy to hack, thanks to a critical security flaw. ABC News, for example, was able to gain full control of one of the robots, including the camera.
One victim of this week's attacks was a Minnesota lawyer named Daniel Swenson. He told ABC that he was watching television when the robot started making strange noises, like “a radio signal interrupted or something.” Through the app, Swenson was able to see that a stranger was accessing the live camera feed and remote control feature.
He reset the password and restarted the vacuum, but that's when the weirdness really started. It immediately began to move again on its own and the speakers began to emit a human voice. This voice was yelling racist obscenities right in front of Swenson's son.
“I got the impression it was a kid, maybe a teenager,” Swenson said. “Maybe they were just jumping from device to device playing with families.” In the end, he said it could have been worse, such as if the vacuum cleaner had been silently spying on his family for days on end.
Swenson's device was hacked on May 24. That same day, another Deebot X2 in Los Angeles began chasing a dog. This vacuum cleaner's speakers also shouted abusive comments. Five days later, a similar incident occurred in El Paso. It is not yet clear how many of the company's devices have been hacked in total.
The root of this problem is a security flaw that allows bad-faith actors to bypass the four-digit security PIN required to gain control of the vacuum. This issue originally came to light in December 2023. The Bluetooth connector also has a flaw that allows full access from up to 300 feet away. However, the attacks occurred across the country, so the Bluetooth vulnerability, which requires an attacker to be within that range, is an unlikely culprit.
According to Gizmodo, the company has developed a patch to eliminate the aforementioned security flaw that will be implemented in November. We have contacted Ecovacs for confirmation on this.