US NewsHackers hijack cleaning robots: Racial slurs and security flaws exposed

Hackers hijack cleaning robots: Racial slurs and security flaws exposed

In several cities across the USA, hackers have taken control of cleaning robots, targeting one popular model of the device.

Hackers hijack cleaning robots: Racial slurs and security flaws exposed
Images source: © @abc.net.au | Esther Linder

9:11 AM EDT, October 12, 2024

Within a few days, cleaning robots in many American cities were hacked. The hackers took control of their movements and caused the devices to emit obscene words through the built-in speakers. Additionally, they gained full access to the cameras with which the vacuuming robots are equipped.

The vacuum shouted racist insults

According to the portal abc.net.au, all hacked devices are of one specific model: the Ecovacs Deebot X2. Daniel Swenson, a lawyer from Minnesota, whose vacuum was one of those taken over by unknown perpetrators, recounted the hacking incident to Australian television ABC.

Swenson was watching television when he heard strange noises. He recalled, "It sounded like a disrupted radio signal or something like that. You could hear snippets of what sounded like a voice." Through the Ecovacs app, the lawyer noticed an issue with access to the live camera feed and remote control of the vacuum. Assuming it was a glitch, Swenson reset the password, restarted the robot, and sat back on the couch next to his wife and 13-year-old son.

Almost immediately, the vacuum started moving again. This time, there was no doubt about what was coming out of the speaker. The voice shouted racist insults, loudly and clearly, repeatedly yelling, [the slurs]" Swenson said, "It seemed to me that the voice belonged to a kid, maybe a teenager." The lawyer immediately turned off the robot completely. He emphasized feeling relieved that the hackers loudly announced their presence instead of discreetly recording camera footage. It's unclear how many robots were hacked in total, though ABC reported on several incidents in various cities.

Leak of logins and passwords?

When Swenson filed a complaint with the manufacturer, they informed him, "An unauthorized person has taken over Your Ecovacs account and its password." The company assured him that the perpetrator's IP was tracked and blocked. Swenson decided not to risk reconnecting the robot, which has been gathering dust in the garage since the incident. In a later email, the manufacturer informed him that there is a "high probability that your Ecovacs account was affected by a credential stuffing cyberattack." This occurs when someone reuses the same username and password on multiple websites, and this combination is stolen in a cyberattack.

Ecovacs had already been aware of digital security flaws in this model of vacuum. On October 3, ABC published a report in which, without entering the home of an informed viewer, they took control of their robot and recorded everything happening in the kitchen. In a media statement, Ecovacs announced that in November they would release a security update for owners of the X2 series.

© essanews.com
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.