Malicious hackers can take over control of vacuum and lawn mower robots made by Ecovacs to spy on their owners using the devices’ cameras and microphones, new research has found.

Security researchers Dennis Giese and Braelynn are due to speak at the Def Con hacking conference on Saturday detailing their research into Ecovacs robots. When they analyzed several Ecovacs products, the two researchers found a number of issues that can be abused to hack the robots via Bluetooth and surreptitiously switch on microphones and cameras remotely.

“Their security was really, really, really, really bad,” Giese told TechCrunch in an interview ahead of the talk.

The researchers said they reached out to Ecovacs to report the vulnerabilities but never heard back from the company, and believe the vulnerabilities are still not fixed and could be exploited by hackers.

  • @[email protected]
    4
    3 months ago

    For some robots there seems to be a self-hosted version of the servers available. Though I haven’t found the actual installation guide yet.

    Reference

    • @NeoNachtwaechter
      1
      3 months ago

      Good to know.

      But does it disable these current security holes?

      • @[email protected]
        2
        3 months ago

        I can’t tell for sure, but IMO it’s pretty secure when you can block internet access for the robots as a whole.

        • @NeoNachtwaechter
          2
          3 months ago

          Well, they refuse to work… :)

          and no, maybe it is not secure even then, since the current attack goes by Bluetooth