Posted on 10/11/2024 8:31:21 PM PDT by Red Badger
"It could have been worse," one owner incredibly concluded.
It’s a tale as old as… the Internet of Things era. Robot vacuums made by Ecovacs have been reported roving around people’s homes, yelling profanities at them through the onboard speakers after the company’s software was found to be vulnerable to intrusion.
ABC News in Australia reports that there were recently multiple instances across the U.S. when owners of Ecovacs vacuums noticed their devices acting unusually.
“It sounded like a broken-up radio signal or something,” Daniel Swenson told the outlet. “You could hear snippets of maybe a voice.” He opened the vacuum’s app to find a stranger was accessing its live camera feed and remote control feature, but assumed it might be an error. After resetting the password and rebooting the robot, the vacuum quickly started moving again:
This time, there was no ambiguity about what was coming out of the speaker. A voice was yelling racist obscenities, loud and clear, right in front of Mr Swenson’s son.
“F*** n******s,” screamed the voice, over and over again.
Perhaps the best part of this anecdote was Swenson’s incredulous conclusion that the situation “could have been worse.” But he’s right that it was nice of the hacker to let him know his vacuum was hacked instead of spying on him indefinitely.
The most common issue people have with so-called “smart” home devices is that they often require a software subscription to access core functionality, and if the manufacturer goes under or stops supporting the device, it simply becomes a paperweight.
The more disturbing issue arises when smart devices can be remotely accessed and the manufacturer never considered (or cared about) the possibility that tricksters might take advantage of this to torment people in their own homes. Remote access is convenient, but every couple of years we hear about something egregious, like intruders accessing a baby monitor and whispering through it at night, or gaining access to a garage door to mess with its owner. A lot of the time the intent of these intruders is just to be punks. But you have to wonder how many times it happens and no one knows about it.
The problem is that most of these smart home companies are selling consumer hardware and don’t want or care to invest much in security — it’s an afterthought for a home appliance. You can buy one of dozens of robovacs on Amazon; most people just want the cheapest one. So this is what we get, a company that doesn’t put basic security measures in place.
And ‘basic’ seems to be fair here. ABC found that although Ecovacs accounts are password-protected, and a further four-digit PIN code is required to access the video feed, that PIN code is not validated server-side—meaning anyone with the basic know-how of a tool like Chrome web inspector could bypass it. It’s likely that Swenson was reusing credentials from other services, but the code should have been an extra factor that prevented access anyway. At a bare minimum all Ecovacs really needs to do is some basic “if-true” validation on its servers before opening the video feed.
Ecovacs reportedly was informed about the vulnerability back in 2023 by researchers and didn’t take action until recently. It says a more substantial security update will be released in November.
It sounds crazy when we’re talking about a vacuum of all things, but if you’re going to buy a robot vacuum, be sure to research the product’s security measures.
My dishwasher, refrigerator and washer & Dryer have WiFi......................
We still clean the old fashion way.... and actually move furniture and things when doing so.
Our TVs do that for real. It’s called Main Stream Media, and we pay them to.
MOst “smart” technology is meant to add another element of collecting data on you which will be data that is breached by or sold to the intelligence agencies.
My toaster is spying on me .........
Why do we need vacuums with speakers?
Could be worse. Imagine if someone were to hack a Cherry-2000.
that sucks...
I can believe it. Still like that movie, though.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.