Hackers Hijack Vacuum Cleaners: Privacy Risks - Panda Security

Oct 17, 2024

Bizarre reports of Ecovacs robot cleaners yelling racial slurs at users have started popping up on social media, gaining the attention of media outlets such as ABC News, Gizmodo, VICE, and Boing Boing. Hackers have somehow managed to penetrate the mobile Chinese vacuum cleaners and have used the robot’s speakers to yell vulgarities at people hanging out at home.

About five months ago, a Minnesota lawyer relaxing in front of the TV with his family suddenly heard screeching from the vacuum cleaner and realized that someone was actively trying to talk through the vacuum cleaner’s speakers and was trying to control the robot’s movements.

The man thought his app credentials might have been compromised, so he quickly reset his password and restarted the cleaner. He continued watching TV only to realize that the hackers could still control the vacuum cleaner, and this time, he said he could hear someone talking through the speakers.

The lawyer’s 13-year-old son heard things no kid should ever hear, including racial slurs and obscenities. The father didn’t know what to do with the robot, switched it off and threw it in the recycling container. There have been many similar reports over the last few months.

Dealing with a rude, racist vacuum cleaner is likely not something many people will ever experience. Still, it is essential to note that this is not the first report of hackers using robot vacuum cleaners. Reports of hacked Ecovacs robots have been widely documented on social media and Reddit. And people have expressed frustration with the Chinese manufacturer.

Read also: How to protect yourself against cyber espionage

It is currently unknown whether the vulnerability has been patched. But our research showed that vacuum cleaners are widely available and still on the market in the USA.

Ecovacs released a statement on Oct 11th saying that an Over-the-air (OTA) firmware update will be made available in the second week of November 2024. Specifically for the X2 series that appear to be at the center of all these home spying scandals. The cyber bullies behind those attacks have not been identified yet.

Contrary to popular belief, hackers are not always after monetary gain. They also want to bug people and cause inconvenience just to be punks. However, knowing that hackers can control a device and have a front-row seat to a person’s home through the bot’s camera is terrifying.

Proper anti-virus protection and adequate Wi-Fi security are a must if users want smart devices to operate safely. It is also important to use strong passwords and perform regular updates on all connected devices.

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.