Ecovacs robot vacuums hacked to spy on owners

10 January 2025 | Author: Newsman

Cybersecurity researchers have discovered critical vulnerabilities in popular Ecovacs robot vacuum cleaners that allow hackers to gain control of the devices and use them to spy on and stalk users. The vulnerabilities affect several popular Ecovacs models, including the Deebot 900 series, Deebot X1/X2, Deebot N8/T8, Goat G1 and Spybot Airbot Z1.


At the DEF CON 32 conference, researchers Dennis Giese and Braelynn Luedtke presented research findings that point to serious security issues in Ecovacs' Deebot robot vacuums. The main vulnerabilities concern the Bluetooth connection and the PIN authentication system. A hacker can connect to the device from up to 130 meters away and bypass the weak PIN code to gain full control of the robot vacuum cleaner.

Once they have access, an attacker can activate the built-in camera and microphone, turning the device into a surveillance tool. The researchers demonstrated that the camera's audible warning signal can be disabled by manipulating audio files stored on the device, allowing hackers to conduct surveillance without alerting the owner. Hacked robot vacuums can stream video and audio through cloud services such as AWS Kinesis, allowing users to be monitored remotely.

Robot vacuum cleaners are now full-fledged Linux computers with cameras, microphones, LiDAR sensors and AI-based navigation systems. Being connected to a network makes such devices vulnerable to hacking and cyber attacks. The researchers warn that in the future hackers may develop special network worms that automatically infect such devices.
