Ecovacs’s robot vacuums are apparently quite easy to hack. The Chinese company has a long history of security breaches that allow nefarious folks with ill intent to do whatever they want with the lil’ suckers, like spying on its owners with its onboard camera.
Ecovacs just got hacked again in multiple U.S. states. The vacuum cleaners were made to shout racial slurs at unsuspecting people. What an odd dystopia we live in.
The issue is specifically with Ecovacs’ Deebot X2 model. The hackers gained control of the devices and used the onboard speakers to blast racial slurs at anyone within earshot. One such person was a lawyer from Minnesota named Daniel Swenson. He was watching TV when he heard some odd noises coming from the direction of his vacuum. He changed the password and restarted it. But then the odd sounds started up again. And then it started shouting racial slurs at him like a surly disgruntled maid.
There were multiple reports of similar incidents across the United States and around the same time. One of them happened in Los Angeles, where a vacuum chased a dog while spewing hate. Another happened in El Paso, where the vac spewed slurs until it’s owner turned it off.
The attacks are apparently quite easy to pull off thanks to several known security vulnerabilities in Ecovacs, like a bad Bluetooth connector and a defective PIN system that is intended to safeguard video feeds and remote access but actually doesn’t do any of that at all.
A pair of cybersecurity researchers released a report on Ecovacs detailing the brand’s multiple security flaws earlier this year. The company, it appears, has not yet addressed all of its critical issues—nor do they seem to believe that their vacuums are even capable of being hacked, at least according to that owner Daniel Swenson, who says that the company’s customer support didn’t believe him when he said his vacuum was shouting the N-word at him.
Which… given the absurdity of the situation, I think I would be a tiny bit skeptical too. But given the company’s lax attitude toward cybersecurity, it seems like customer support should be made aware that they might occasionally get some calls about racist vacuums.
Swenson says that customer support thinks the hackers might have gained access through a process called “credential stuffing,” which is when old passwords that have been collected from hacks of other websites and services are used to gain access to other aspects of a user’s digital life.
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.