Hackers took over robovacs to chase pets and yell slurs

Share via:


Someone gained access to Ecovacs Deebot X2 Omni robotic vacuums across several US cities earlier this year and used them to chase pets and yell racist slurs at their owners, reported ABC News in Australia this week.

The outlet spoke with multiple Deebot X2 owners who say their Deebot X2s had been hacked in May, including Minnesota lawyer Daniel Swenson, who said he was watching TV with his family when a noise “like a broken-up radio signal or something” started coming from the robot’s speaker. He said after he reset his password and rebooted the robot, it began again, only this time the sound was clearly a voice — he guessed a teenager’s — yelling slurs.

ABC News lists other, similar accounts from owners in El Paso and Los Angeles, the latter of which involved someone using a Deebot to antagonize a dog, yelling at and chasing it.

Ecovacs told the outlet in a statement that it had “identified a credential stuffing event” and blocked the IP address it originated from. The company said it “found no evidence” that usernames and passwords were collected by the attacker.

Researchers demonstrated a flaw last year that let them bypass the Deebot X2’s PIN entry to gain access to the vacuum. Ecovacs says in its statement that it has resolved that, and that it also plans to “further enhance security” with an update in November. It’s not clear whether that would correct a Bluetooth vulnerability that ABC News exploited for a report earlier this month.

Cloud-connected smart home devices have led to stories like this for years. Sometimes it’s the result of hacks, others simply compromised credentials. Sometimes, it’s bad software showing you another owner’s camera feed, as a little treat. Issues like these can feel inevitable when so many smart home devices require a persistent internet connection to function, especially for those companies that don’t offer easy ways to report security vulnerabilities.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Hackers took over robovacs to chase pets and yell slurs


Someone gained access to Ecovacs Deebot X2 Omni robotic vacuums across several US cities earlier this year and used them to chase pets and yell racist slurs at their owners, reported ABC News in Australia this week.

The outlet spoke with multiple Deebot X2 owners who say their Deebot X2s had been hacked in May, including Minnesota lawyer Daniel Swenson, who said he was watching TV with his family when a noise “like a broken-up radio signal or something” started coming from the robot’s speaker. He said after he reset his password and rebooted the robot, it began again, only this time the sound was clearly a voice — he guessed a teenager’s — yelling slurs.

ABC News lists other, similar accounts from owners in El Paso and Los Angeles, the latter of which involved someone using a Deebot to antagonize a dog, yelling at and chasing it.

Ecovacs told the outlet in a statement that it had “identified a credential stuffing event” and blocked the IP address it originated from. The company said it “found no evidence” that usernames and passwords were collected by the attacker.

Researchers demonstrated a flaw last year that let them bypass the Deebot X2’s PIN entry to gain access to the vacuum. Ecovacs says in its statement that it has resolved that, and that it also plans to “further enhance security” with an update in November. It’s not clear whether that would correct a Bluetooth vulnerability that ABC News exploited for a report earlier this month.

Cloud-connected smart home devices have led to stories like this for years. Sometimes it’s the result of hacks, others simply compromised credentials. Sometimes, it’s bad software showing you another owner’s camera feed, as a little treat. Issues like these can feel inevitable when so many smart home devices require a persistent internet connection to function, especially for those companies that don’t offer easy ways to report security vulnerabilities.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Hashing It Out: How Web3 makes shopping better with...

The latest episode of the Hashing It Out...

South Korea confirms North Korea behind $1b crypto heist

The stolen Ethereum was laundered in 2019 through...

Should we ban social media use by kids, as...

The impact of social media use by kids...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!