Recent reports have surfaced detailing a disturbing trend involving Ecovacs Deebot X2 robot vacuums, which have been compromised by hackers in multiple U.S. cities. According to an investigation by ABC, owners of these devices have encountered alarming situations where strangers accessed live camera feeds and took control of the robots, using their onboard speakers to yell racial slurs. In some instances, the rogue vacuums chased pets around the home, leading to a mix of confusion and fear among affected households. The incidents have raised serious concerns about privacy and security, as the hacking spree has revealed vulnerabilities in the very devices that were supposed to enhance convenience in smart homes.
The Ecovacs Deebot X2, a Chinese-made product retailing for around $900, has come under scrutiny due to significant security vulnerabilities. Security researchers had previously alerted Ecovacs to these flaws, including a critical issue with the Bluetooth connector that allowed remote access from over 100 meters away. Furthermore, the PIN code designed to protect the robot’s video feed and remote control feature was found to be easily bypassed, as it was only checked by the app and not by the robot itself. These security gaps have raised questions about the effectiveness of existing safety measures and the adequacy of manufacturer responses in safeguarding consumer devices.
Affected owners reported experiencing bizarre behaviors from their vacuums, including sounds resembling broken radio signals and the inability to regain control despite multiple password resets. The robots’ erratic behaviors included yelling offensive slurs and seemingly taking on a life of their own as they roamed freely, which left many users feeling vulnerable in their own homes. These incidents have underscored the critical need for manufacturers to prioritize security in their products, particularly those equipped with live cameras and remote capabilities. As many consumers have invested in smart technology to simplify their lives, the thought of these devices being hijacked has become a significant source of anxiety.
In response to these incidents, Ecovacs has acknowledged the security vulnerabilities and plans to release an over-the-air firmware update in November to enhance the security of the X2 series. The company has also identified a credential stuffing event that resulted in blocked login attempts from a single IP address. While Ecovacs has reassured customers that no owner accounts were hacked and no breaches of their systems were detected, the evidence of the compromised devices paints a troubling picture.
