First came the nanny cams and home assistants, then came the security doorbells, now it's the age of the hacked vacuums.
First reported by ABC News Australia, owners of robot vacuums across multiple U.S. states experienced invasive hacking of their devices by individuals who took physical control of the cleaning bots and used their internal audio features to shout racial slurs at people in their homes. Owners first heard garbled voices coming from their devices, then noticed the vacuum's live feed camera and remote controls were turned on via the device's app.
All of the affected devices were manufactured by brand Ecovac, specifically the company's Deebot X2 model. The hack was confirmed to one customer after they filed a complaint through customer support.
Smart devices have long worried security experts and users for their potential vulnerabilities. In August, cyber security researchers uncovered multiple vulnerabilities in Ecovacs products (including lawn mowers) that could allow hackers to take control of microphones and cameras via mobile Bluetooth connections — to put it simply, researchers concluded the company's security was "really, really, really, really bad."
Design elements intended to protect users, like an audio alert that lets individuals know the vacuum's camera is on, could be easily switched off.
In a statement to TechCrunch at the time of it's release, Ecovacs said it wouldn't fix the uncovered flaws, saying that users could "rest assured that they do not need to worry excessively about this." The company has a history of security breaches, including hacked device cameras that allowed cyberattackers to spy on owners, and has stirred concern over how it handles user data stored on cloud servers.
Needless to say: It might be a good time to refresh your passwords, vacuums included.
