If you suspect that your robot vacuum is watching you, you might be right.
A recent report reveals a concerning vulnerability in Ecovacs.
Recently, it has been revealed that certain models of Ecovac robotic vacuums have vulnerabilities that allow hackers to access their systems, including the camera. This finding emerged after an investigation conducted in Australia by journalist Julian Fell, who, with the consent of an Ecovac vacuum owner, managed to hack one of these devices in his media office.
Fell is not a hacking expert, but he collaborated with cybersecurity researcher Dennis Giese from Northeastern University, who has dedicated years to studying the vulnerabilities of robotic vacuums. Giese explained that he has researched different manufacturers of such devices. Using a Bluetooth connection, Fell was able to download encrypted code that activated a function in the device, allowing them to access the camera feed and, more disturbingly, send a message to the vacuum's owner.
Throughout the process, the vacuum showed no signs of being under external control. When contacted about the issue, Ecovac responded that the security of its customers' data is a high priority, highlighting that they have initiated an internal review process to address the recently raised security concerns. However, the company had also previously downplayed the risks, asserting that the mentioned vulnerabilities were uncommon in typical user environments.
Giese clarified that for the specific type of hacking that was carried out, physical access to the device was not required, only a phone and the specific code. Additionally, he stated that he informed Ecovac about this vulnerability in December, although the company did not respond initially. Giese does not consider himself a malicious hacker and expressed that he has no intention of spreading the details of the hack, noting that Ecovac has simply had bad luck this year.
For those who own an Ecovac vacuum, it is recommended to ensure that their software is up to date. Although the company does not view this vulnerability as dangerous, it stated that improvements have been implemented in product security. As an additional precaution, some users have chosen to cover the vacuum's camera when it is not in use.