Hackers hijack Ecovacs robotic vacuums to harass pets and owners
Earlier this year, hackers targeted Ecovacs Deebot X2 Omni robotic vacuums in a number of US cities. The perpetrators used these devices to harass pets and hurl racial slurs at their owners, ABC News Australia reported. Several Deebot X2 owners reported incidents of their devices being compromised in May. One such victim was Daniel Swenson, a Minnesota-based lawyer who heard strange noises from his robot's speaker while watching TV with his family.
Robotic vacuums used to antagonize pets
Swenson described the noise as "like a broken-up radio signal or something." After resetting his password and rebooting the robot, he said it started again. But this time the sound was clearly a voice — which he guessed belonged to a teenager — yelling slurs. Similar incidents were reported by owners in El Paso and Los Angeles. In one case, an individual used a Deebot to antagonize a dog by shouting at it and chasing it around.
Ecovacs responds to hacking incidents
In the wake of these incidents, Ecovacs has recently released a statement to ABC News saying it had "identified a credential stuffing event" and blocked the originating IP address. The company also assured it "found no evidence" of usernames and passwords being collected by the attacker. Last year, researchers had exposed a flaw that let them bypass the Deebot X2's PIN entry and gain access to the vacuum.
Plan to enhance security measures
Ecovacs confirmed in its statement that it has resolved the PIN bypass issue. The company also announced plans to "further enhance security" with an update scheduled for November. However, it remains unclear whether this update will address a Bluetooth vulnerability that ABC News exploited for a report earlier this month. The incident highlights the potential risks of cloud-connected smart home devices, which often require a persistent internet connection to function and may be vulnerable to hacks or compromised credentials.
