Rebecca Manzi More and more cases of “crazy” robot vacuum cleaners uttering insults or chasing animals after being hacked
@cottonbro studio/Pexels
Within the past months, several hacking incidents have been reported involving Ecovacs Deebot X2 robotic vacuums in the United States to the dismay of their owners. Hackers had commandeered the robots, sending them to behave erratically-and sometimes alarmingly-like automated cleaners. Such a scenario has been the fantasy target for hackers.
“It was terrifying” – A Minnesota resident’s experience
Of those, one reported that a Minnesota owner’s Roomba started emitting intermittent, radio-like voices through its speaker. An attempt to reset it only made matters worse: the vacuum started repeatedly uttering offensive racial slurs, leaving the owner in shock and dismay.
Unfortunately, that was not an isolated incident. There is reportedly another Deebot robot running around a house in California, also chasing the family dog while screaming loudly to scare it. And in El Paso, Texas, yet another unit started insulting its owners in the middle of the night.
Vulnerabilities allow hackers to control camera and microphone
These incidents exposed security flaws in some robotic vacuum models’ control systems, primarily manufactured by Ecovacs. In this regard, the hackers took control of the devices by manipulating the Bluetooth vulnerabilities of these vacuums and were able to access it as far as 328 feet away.
Once hackers gain control, the vacuum’s camera and microphone can easily be manipulated to spy on household activities and even interact with the owners in the most disturbing ways. Although Ecovacs acknowledged the problem and initiated investigations into these incidents, measures taken so far appear too minimal to contain the problem.
Security Eexperts warned the company months ago
Accordingly, security experts had brought these matters to the attention of Ecovacs some months in advance, yet the reported flaws remain only partially resolved. While a security update is planned for November 2024, it is an open concern for many users that hackers may continue to exploit these weaknesses until the patch is released.
The attacks underline the urgent need to reevaluate the security of smart devices and the degree of vulnerability they may expose to cyberattacks. Users of robotic vacuums have been advised to reset their password regularly and consider additional measures in securing their privacy and home security.
