Ecovacs security issues allow access to the device's camera and microphone.
Cybersecurity researchers Dennis Giese and Braelynn have discovered that Ecovacs robotic vacuum cleaners and lawn mowers can become a tool for spying on their owners.
Research presented at Def Con showed that attackers can gain control of devices via Bluetooth and use built-in cameras and microphones for surveillance. Moreover, the identified security issues allow devices to be hacked in just a few seconds.
According to an interview with TechCrunch, the main vulnerability is the ability to connect to the robot via Bluetooth at a distance of up to 130 meters. Hackers can then access the device over the Internet, since the robots are connected to Wi-Fi. After hacking, attackers can control the robot, access indoor maps, and turn on cameras and microphones.
Especially disturbing is the fact that most new Ecovacs models have at least one camera and microphone installed, and there are no device activity indicators. In theory, some models are supposed to issue a notification every 5 minutes while the camera is turned on, but hackers can easily delete the file with this setting and continue to observe unnoticed.
Additionally, the researchers identified other problems with Ecovacs devices. For example, user data remains on the company's cloud servers even after the account is deleted, which allows cybercriminals to retain access to the device. The researchers also found that the PIN code on lawn mowers is weakly protected: it is stored in plain text and can be easily found and used.
Giese and Braelynn tried to contact Ecovacs to report the vulnerabilities they found, but received no response. Experts express serious concern that the company has not yet fixed the problems, which leaves millions of users around the world vulnerable to potential attacks. According to experts, if at least one of the studied devices is hacked, attackers can also gain access to other Ecovacs robots located nearby.
Source