Thursday, 3 October 2024

Ecovacs responds to security hack concerns about robot vacuums

Worried about your robot vacuum being used to spy on you? Given the right tools and circumstances, a well-equipped hacker could access an Ecovacs robot vacuum through a newly tested security loophole.

A recent ABC News report showed a professional hacker remotely accessing an Ecovacs Deebot X2 Omni via Bluetooth. It followed security concerns about Ecovacs’ robot vacuums presented by researchers at a hacking conference in August. According to the researchers, hackers could use a phone to assume control of an Ecovacs robot over a Bluetooth connection, granting access to the device’s microphone and camera.

Dennis Giese, one of the researchers involved, reportedly informed Ecovacs about the security vulnerability in December 2023 but didn’t hear back. It wasn’t until Giese went public in August that Ecovacs first responded.

Ecovacs Deebot X2 Omni. Image: Ecovacs.

Examples of the remote access loophole have so far involved well-equipped hackers able to access devices within close proximity. In a statement to GadgetGuy, Ecovacs explained its approach to security.

“Ecovacs respects the practice of security experts who identify potential vulnerabilities through research and proactively share their findings with companies,” an Ecovacs spokesperson said. “We believe that the interaction between security experts and companies, through offensive and defensive testing and the publication of results, contributes to the improvement of product security.”

“Ecovacs has always prioritised product and data security, as well as the protection of consumer privacy. We assure customers that our existing products offer a high level of security in daily life, and that consumers can confidently use Ecovacs products.”

Another issue Giese identified was hackers’ ability to access a device’s PIN code. Ecovacs pushed a fix for this in August, with another update due out next month.

“To further enhance the security of the X2 series firmware, an over-the-air (OTA) firmware update will be made available in November 2024.”

Which Ecovacs devices are affected?

It’s not yet known how many models face the same issue reported with the Deebot X2 Omni. Not every Ecovacs device includes built-in microphones and cameras; they’re usually reserved for the brand’s premium range.

Giese’s findings, as reported on TechCrunch, spanned additional models including the Deebot X1 and Deebot T20. GadgetGuy has asked Ecovacs which devices the current vulnerability impacts.

As smart home technology becomes more ubiquitous, scrutiny of it increases. Eufy, the Anker-owned security brand, was exposed by The Verge in 2022 for cameras sending unencrypted video feeds to cloud servers. While the current Ecovacs issue is more localised, it’s still a reminder of the need to take privacy seriously.


The post Ecovacs responds to security hack concerns about robot vacuums appeared first on GadgetGuy.

