Robôs aspiradores foram hackeados nos EUA e começaram a proferir insultos
According to a report by ABC News Australia, several owners noticed strange behaviors in their devices.
Daniel Swenson, an affected owner, reported hearing unusual sounds and, upon checking the vacuum cleaner app, discovered that a stranger was accessing the live camera feed. After restarting the device, a voice began repeatedly shouting racist insults, including “F*** n******s,” right in front of his son. Surprisingly, Swenson concluded that the situation “could have been worse,” noting that at least the hacker warned him of the intrusion instead of continuously spying.
Small inconveniences, big problems
The main issue with these “smart” devices is that they often require software subscriptions to access full functionality. If the company stops supporting the product, it becomes a dead weight. Even more concerning is the remote access that hackers have to torment people in their own homes.
Intruders often act out of mischief, but it is disturbing to think about how often this happens without anyone noticing. Many home technology companies do not invest enough in security, prioritizing the low price of their products. Although Ecovacs accounts are password-protected and require a four-digit PIN to access the video feed, this PIN is not validated on the server, allowing anyone with basic knowledge to bypass it.
It is likely that Swenson reused credentials from other services, but the code should have acted as an additional security factor. At the very least, Ecovacs should implement basic validation on their servers before granting access to the video feed.
Ecovacs was informed about this vulnerability in 2023 but did not take action until recently. The company has announced that it will release a more substantial security update in November.
If you are paying very low prices for a robot vacuum, you are likely getting what you pay for.
