Hackers take control of many Ecovacs vacuum cleaners in the US

All of the affected products were Ecovacs Deebot X2s vacuum cleaners, a high-end product from China that costs nearly $900. The manufacturer Ecovacs has acknowledged the vulnerability.

According to a report by ABC News (Australia), hackers took advantage of a security vulnerability to infiltrate the vacuum cleaner's system, causing it to emit noises similar to jammed radio signals and allowing attackers to view live images through the camera and access remote control features.

Despite changing the password and restarting the machine several times, the strange behavior of the vacuum cleaner still recurred inexplicably. What made the owners feel most scared was discovering that the device could have been secretly monitoring them for a long time.

Security researchers have repeatedly warned Ecovacs about serious vulnerabilities in their systems. The most notable is a vulnerability related to Bluetooth connectivity, which allows hackers to easily penetrate the X2 model from a distance of up to 100 meters. In addition, the PIN code protecting the video feed and remote control features of this vacuum cleaner is also considered too weak, easily cracked.

In an interview with ABC News, Minnesota attorney Daniel Swenson shared the terrifying experience of his vacuum cleaner suddenly bursting into the living room and screaming in front of his wife and children. The voice coming from the vacuum cleaner sounded very much like that of a teenager, causing his entire family to panic.

Another victim in Los Angeles said their dog was chased by a vacuum cleaner on May 24, the same day the Minnesota attorney suffered a similar incident.

In an official statement, manufacturer Ecovacs confirmed the cyberattacks but insisted that its systems were not directly compromised. The company said that hackers took advantage of users' password reuse behavior to gain unauthorized access. Accordingly, if a password is used on multiple platforms, hackers can try that password to penetrate other systems, including Ecovacs's system.

“Ecovacs has always prioritized product and data security, as well as protecting consumer privacy,” the company said. “We assure our customers that our existing products provide a high level of security in everyday life, and consumers can use Ecovacs products with confidence.”

A new study presented at a major annual event for those interested in information security, known as the Def Con conference, has exposed the serious privacy risks of using vacuum cleaners. Researchers have demonstrated the ability to exploit security vulnerabilities to turn the device into a surveillance tool, tracking every activity taking place in the house.

Ecovacs plans to significantly improve the security of the X2 series through a software update in November. However, users should also do their part to protect their devices by creating strong, unique passwords and ensuring their Wi-Fi networks are well secured.

Meanwhile, a 2020 PCMag survey raised privacy concerns when using smart devices, finding that about 68% of respondents believe that these devices collect personal data without the user's consent and share that information with the manufacturer.