According to information, robotic vacuums were broken within days across the country report by ABC News. This allowed attackers to not only control the robots, but also use their speakers to hurl racial slurs and offensive comments at anyone nearby.
The affected robots were all the same make and model, Chinese-made Ecovacs Deebot X2s. This particular robovac has gained a reputation because it is easy to hackthanks to a critical security flaw. ABC Newsfor example, he was able to take full control of one of the robots, including the camera.
One of the victims of this week’s attacks was Minnesota attorney Daniel Swenson. he said ABC He said he was watching TV when the robot started making strange noises like “a fragmented radio signal or something.” Through the app, Swenson could tell if a stranger was accessing a live camera feed and a remote control feature.
He reset the password and restarted the vacuum, but that’s when the weirdness started. He immediately began to move again of his own volition and the speakers began to produce a human voice. The voice was shouting racist obscenities in front of Swenson’s son.
“I got the impression it was a child, maybe a teenager,” Swenson said. “Maybe they were jumping from device to device, mingling with families.” Finally, he said it could have been worse, like the vacuum had been silently watching his family for days.
On May 24, Swenson’s device was hacked. That same day, another Deebot X2 started chasing dogs in Los Angeles. Speakers of this vacuum also made offensive comments. Five days later, a similar incident occurred in El Paso. It is not known how many of the company’s devices were hacked in total.
At the root of this problem is a security flaw that allows malicious actors to bypass the four-digit security PIN required to gain control of the vacuum. This issue first appeared in December 2023. The Bluetooth connector also has the drawback of providing full access from a distance of 300 feet. However, the attacks have occurred domestically, so a Bluetooth vulnerability is an unlikely culprit.
according to Gizmodothe company has developed a patch to fix the aforementioned security flaw, which will be released in November. We have contacted Ecovacs for confirmation on this.