Security researchers issued a warning earlier this month about a number of security holes in Ecovacs’ robotic vacuums and lawn mowers, which might allow hackers to use the microphones and cameras on the machines to eavesdrop on their users.
The vulnerabilities discovered by the researchers “are extremely rare in typical user environments and require specialized hacking tools and physical access to the device,” Ecovacs said at the time in an interview with TechCrunch.
The email statement said, “Therefore, users can rest assured that they do not need to worry excessively about this,” but it made no promises to address the flaws.
After two weeks, Ecovacs changed its mind and informed TechCrunch and the researchers that it would fix the bugs.
“We’ve carried out a thorough self-examination and verification,” according to an email sent to TechCrunch by Martin Ma, the head of Ecovacs’ security committee. “We have identified several areas where there is room for improvement.” “We have addressed the issues raised and implemented targeted improvements in response.”
At the annual Def Con hacking conference in Las Vegas on August 10, security researchers Dennis Giese and Braelynn presented a talk on their research into Ecovacs’ home robots. The two said they had examined 11 Ecovacs devices and discovered a number of defects.
According to them, the most significant weakness enables anyone with a phone to establish a Bluetooth connection with an Ecovacs robot from up to 450 feet (or 130 meters) away and take control of the machine. Because the robots are linked to the internet via Wi-Fi, this vulnerability would allow the hackers to keep an eye on them from any location.
The researchers found other vulnerabilities, such as a weakness that would let someone access a robot vacuum after selling it and deactivating their account, allowing them to spy on the device’s new owners.