1 min read

Link: Hackers took over robovacs to chase pets and yell slurs

Earlier this year, Ecovacs Deebot X2 Omni robotic vacuums were hacked across several US cities, wreaking havoc by chasing pets and hurling racist slurs at owners. ABC News in Australia highlighted multiple incidents, including a report from a Minnesota lawyer whose vacuum began emitting a strange noise before verbal abuses were heard.

After rebooting and changing his robot's password, the lawyer realized that the noises were indeed offensive slurs shouted by what sounded like a teenager. Similar distressing experiences were reported by Deebot X2 owners in El Paso and Los Angeles.

In response to these incidents, Ecovacs acknowledged a "credential stuffing event" and took measures to block the originating IP address. However, they found no evidence that usernames and passwords had been stolen by the hacker.

Last year, researchers uncovered a flaw allowing them to bypass the PIN required to access the vacuum, though Ecovacs has since addressed this issue. Further security enhancements are scheduled for November.

These breaches underline ongoing vulnerabilities in cloud-connected smart home devices, often resulting from compromised credentials or software issues. It's a recurrent theme in an era where such devices are ubiquitous and continuously online.

These mishaps spotlight the need for more robust security in smart devices and more straightforward processes for reporting vulnerabilities. #

--

Yoooo, this is a quick note on a link that made me go, WTF? Find all past links here.