Hackers Made Robot Vacuums Shout Random Racial Slurs.

A group of robotic vacuums across the country was subject to hacking over a short period of days, causing the attackers to take control of the devices and use their speakers to launch racial slurs and abusive comments directed at nearby individuals. All affected robots belong to the same model, the Ecovacs Deebot X2s, manufactured in China, which has gained notoriety for its susceptibility to hacking due to a significant security vulnerability.

A Minnesota attorney, Daniel Swenson, was one of the victims of these attacks. While watching television, he heard strange noises coming from the robot, which he described as "a broken radio signal." Upon checking the app, he realized that a stranger was accessing the live camera and remote control function of his vacuum cleaner.

After rebooting the device and changing the password, the situation became more unsettling: the robot began to move on its own, and the speakers emitted a human voice that uttered racist obscenities in front of his child. Swenson remarked that the voice seemed to belong to a young person, suggesting that someone might be jumping from device to device to disturb different families. Although he noted that the situation could have been worse, such as silent spying, the event was nonetheless disturbing.

The attack on Swenson occurred on May 24, and on the same day, another Deebot X2s in Los Angeles chased a dog while emitting insulting comments. A similar incident was reported in El Paso five days later. However, it remains unclear how many devices of the brand have been compromised in total.

The problem lies in a security vulnerability that allows attackers to bypass the four-digit PIN required to control the vacuum. This issue was first identified in December 2023. Additionally, there is a flaw in the Bluetooth connector that allows full access from a distance of up to 300 feet; however, since the attacks occurred in different parts of the country, this vulnerability does not seem to be the primary cause.

It has been reported that the company is working on a patch to address this security vulnerability, which is expected to be implemented in November.