If you think your robot vacuum is watching you, you might not be wrong

A new report finds a worrisome Ecovacs vulnerability

· TechRadar

News By Lance Ulanoff published 4 October 2024

(Image credit: Adobe Firefly)

Sometimes I look at my robot vacuum and wonder if it knows how much I like it. I do not ponder if it's staring back at me, thinking...well...who know what? If I owned an Ecovac robot vacuum, though, that might be all I was thinking about and, soon, throwing a blanket over its potentially rapacious camera.

According to a new report and the work of long-time robot vacuum hackers, some Ecovac vacuums can, with some skill but no physical, access be hacked, giving would-be attackers access to all onboard systems and sensors, including the camera.

It's a simple and somewhat unnerving tale: An ABC Australia news reporter, Julian Fell, followed up on reports that some Ecovac vacuums could be hacked and was soon, with the permission of an Ecovac owner, hacking a robot vacuum in the safety of his news site's offices.

Not a hacker himself, Fell worked with Northeastern University Cybersecurity researcher Dennis Giese who (along with collaborators Braelynn Luedtke and Chris Anderson) discovered the hack and has spent years researching robot vacuum vulnerabilities. Via email, Giese told me he's researched most of the major robot vacuum manufacturers, including Neato and iRobot. "Ecovacs is a bit unlucky this year, as I usually swap the vendor every year. Next year, it might hit a different vendor."

Giese developed a payload and all Fell had to do was stand outside his offices, connect to the robot vacuum via Bluetooth, and download Giese's encrypted payload to it. That triggered a function in Ecovac's vacuum, which led to it downloading a script from Giese's server and then executing it. Within moments, both Fell and Giese had access to the robot vacuum's camera feed. They could see what it saw and, more chillingly, were able to, according to the report, use the speaker to send a message to the Ecovac's owner: "Hello Sean, I’m waaaatching you.”

At no point during this process did the robot vacuum indicate that it was under outside control.

Ecovac's POV

When contacted about the Hack story, Ecovacs sent me this response:

Get daily insight, inspiration and deals in your inbox

Sign up for breaking news, reviews, opinion, top tech deals, and more.

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors