In a bizarre and disturbing series of events, robot vacuums manufactured by Chinese company Ecovacs have been hacked across multiple US cities, with the devices spewing racial slurs at their owners.
The affected vacuums, specifically the Deebot X2 model, were compromised due to well-known security vulnerabilities, raising serious concerns about the company's approach to cybersecurity.
The hacks allowed attackers to take control of the vacuums’ movement and use their onboard speakers to shout offensive language.
In Minnesota, lawyer Daniel Swenson first noticed odd noises from his vacuum before it escalated into clear racial slurs directed at his family.
In Los Angeles, a vacuum even chased a dog while hurling abusive comments.
Another incident in El Paso followed a similar pattern.
The primary vulnerability lies in Ecovacs’ defective Bluetooth system and its PIN code protection, which had been flagged earlier in the year by cybersecurity researchers.
Despite warnings, the company had not fully addressed these issues.
Researchers revealed that hackers could bypass the PIN system that was supposed to safeguard access to the vacuum’s camera and remote controls, leaving them open to malicious attacks.
Swenson reported the incident to Ecovacs, but initially faced skepticism from customer support. Eventually, the company acknowledged that his account had been compromised through "credential stuffing"—a method where hackers reuse stolen usernames and passwords from other data breaches.
Although Ecovacs later conducted a security investigation and disabled the hacker’s IP address, concerns remain about the overall security of their devices.
Ecovacs claims to have fixed the PIN code flaw, but cybersecurity experts warn that the patch may not be sufficient.
The company has promised a security upgrade for its X2 series in November, but for now, many customers remain wary of their hacked devices.
These incidents highlight significant gaps in security for smart home devices, with the potential for both privacy invasions and harmful behavior when control falls into the wrong hands.
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ