These devices, which contain cameras and microphones, may be utilized for “spying” if compromised.
Concerningly, Ecovacs has not acknowledged the problem.
The security researchers in question, Dennis Giese and Braelynn, identified several vulnerabilities in Ecovacs products and cloud-based services.
The Bluetooth takeover flaw is simply the most notable of the bunch.
Hackers can hijack Ecovacs robotic vacuums and mowers by sending a malicious payload over Bluetooth from a smartphone.
Once an Ecovacs robot is compromised, hackers may access its cameras and microphones.
Importantly, an attacker must be within Bluetooth range (less than 450 feet) to perform this hack.
However, attackers can set up Wi-Fi remote access after completing the Bluetooth hack.
They only need to be in physical proximity for a few minutes.
Plus, Bluetooth hijacking is just one of many flaws discovered by Giese and Braelynn.
The duo found that cloud-based user data and authentication tokens are not discarded when a user deletes their Ecovacs account.
If Ecovacs' servers are compromised, former customers may have their private data exposed.
Giese and Braelynn attempted to bring these findings to Ecovacs' attention.
The company didn’t thank or consult the researchers.
In fact, the researchers were met with radio silence.
Admittedly, the vulnerabilities discovered by Giese and Braelynn may only affect a small portion of Ecovacs users.
The most concerning part of this story is Ecovacs' slow response and aloof attitude.
Robot vacuums with integrated cameras are, by nature, a fantastic target for hackers.
Ecovacs' products should offer top-notch security.
And Ecovacs, as a smart home company, should be receptive to vulnerability disclosures.
Other Ecovacs products may not be impacted by any of the aforementioned vulnerabilities.
We’ve reached out to Ecovacs and are awaiting a response.
This article will be updated as we learn new information about the Ecovacs vulnerabilities.
Source: Dennis Giese and Braelynn via TechCrunch