Robotic vacuums in the United States have been targeted by a series of cyberattacks, giving hackers the ability to take control of the devices and use their speakers to launch racist remarks and insults at those around them, according to ABC News reports.
All the affected devices in the attacks were of the same model, the “Ecovacs Deebot X2s” vacuum manufactured in China, which gained a reputation for being easily hackable due to a critical security flaw.
In one instance, ABC News reporters were able to take full control of one of these vacuums, including the camera.
Attorney Daniel Swenson from Minnesota recounted that he was watching TV when the vacuum started making strange noises. When he checked the app, he discovered that an unknown person was manipulating the camera. Despite resetting the password, the vacuum continued to move on its own, and the speakers started making human-like sounds uttering racist words in front of his son.
On the same day Swenson experienced the breach, a similar incident occurred in Los Angeles, where a Deebot X2s vacuum chased a dog and made offensive comments. Five days later, the incident repeated in El Paso, but the number of compromised devices remains unclear.
This issue stems from a security flaw that allows hackers to bypass the four-digit passcode and take control of the vacuum. This vulnerability was disclosed in December of last year, and another flaw exists in the Bluetooth module that enables full access from a distance of up to 300 feet. However, the recurrence of attacks nationwide makes it unlikely that the Bluetooth vulnerability is the main cause.
Reports from Gizmodo indicate that the vacuum’s developer has developed an update to fix the mentioned security flaw, expected to be released in November.
