Man
Professional
- Messages
- 3,093
- Reaction score
- 635
- Points
- 113
Experts warn of the growing danger of hacking smart devices.
Robot vacuum cleaners have been hacked in the United States over the past few days, according to an article by ABC News. Hackers not only gained the ability to control the devices, but also used their speakers to make offensive statements and racist remarks about people nearby.
All of the devices affected by the hack are Chinese Ecovacs Deebot X2s robot vacuum cleaners, which have already become famous for their security vulnerabilities. This lineup is known for having a critical vulnerability that makes them an easy target for attackers. For example, ABC News journalists demonstrated how you can get full access to the camera and other functions of the device.
One of the victims of these attacks is a Minnesota lawyer named Daniel Swenson. According to him, he was watching TV when the robot began to make strange noises similar to radio signal interference. Through a mobile app, Swenson saw that an unknown person had gained access to the vacuum cleaner's camera and remote control function. Attempts to change the password and reboot the device led to new problems - the robot began to move on its own again, and its speakers began to play a human voice shouting racist slurs right in front of Swenson's son.
Similar incidents occurred in Los Angeles and El Paso, where robots also began inappropriate behaviors, including chasing pets and using speakers for insults. The overall extent of the hack is still unclear.
The root of the problem is a vulnerability that allows attackers to bypass the mandatory four-digit PIN code required to control the device. This failure was detected back in December 2023. In addition, the robots have a flaw in the Bluetooth system that allows full access to the device from a distance of up to 300 meters, although this mechanism does not explain the large-scale attacks that have occurred across the country.
Ecovacs has announced that it plans to release a security update in November 2024 that should fix this vulnerability.
Source
Robot vacuum cleaners have been hacked in the United States over the past few days, according to an article by ABC News. Hackers not only gained the ability to control the devices, but also used their speakers to make offensive statements and racist remarks about people nearby.
All of the devices affected by the hack are Chinese Ecovacs Deebot X2s robot vacuum cleaners, which have already become famous for their security vulnerabilities. This lineup is known for having a critical vulnerability that makes them an easy target for attackers. For example, ABC News journalists demonstrated how you can get full access to the camera and other functions of the device.
One of the victims of these attacks is a Minnesota lawyer named Daniel Swenson. According to him, he was watching TV when the robot began to make strange noises similar to radio signal interference. Through a mobile app, Swenson saw that an unknown person had gained access to the vacuum cleaner's camera and remote control function. Attempts to change the password and reboot the device led to new problems - the robot began to move on its own again, and its speakers began to play a human voice shouting racist slurs right in front of Swenson's son.
Similar incidents occurred in Los Angeles and El Paso, where robots also began inappropriate behaviors, including chasing pets and using speakers for insults. The overall extent of the hack is still unclear.
The root of the problem is a vulnerability that allows attackers to bypass the mandatory four-digit PIN code required to control the device. This failure was detected back in December 2023. In addition, the robots have a flaw in the Bluetooth system that allows full access to the device from a distance of up to 300 meters, although this mechanism does not explain the large-scale attacks that have occurred across the country.
Ecovacs has announced that it plans to release a security update in November 2024 that should fix this vulnerability.
Source
