top of page

Hackers Hijack Robotic Vacuums to Chase Pets and Spew Racist Slurs

14/10/24

By:

Piyush Sharma

Ecovacs' Deebot X2 Omni robotic vacuums fall victim to a disturbing hack in several US cities, raising concerns about smart home security.

Ecovacs' Deebot X2 Omni robotic vacuums fall victim to a disturbing hack in several US cities, raising concerns about smart home security.

In an alarming incident earlier this year, hackers infiltrated Ecovacs Deebot X2 Omni robotic vacuums and used them to harass pet owners, even chasing pets around their homes and broadcasting racist slurs. The hacking incidents, which took place across multiple cities in the US, were first reported by ABC News Australia, shedding light on growing concerns surrounding smart home security.

The Incident: Pets Chased, Owners Harassed

One of the victims, Daniel Swenson, a Minnesota-based lawyer, recounted a chilling experience to ABC News. While watching TV with his family, his Deebot X2 suddenly emitted a strange noise, which he initially dismissed as a glitch. However, after resetting his password and rebooting the vacuum, the machine began broadcasting a clearer sound—this time, it was unmistakably a human voice shouting racial slurs. Swenson described the voice as that of a teenager, leaving him stunned.

Swenson wasn’t alone in this nightmare scenario. Similar incidents occurred in El Paso and Los Angeles, where one hacker even used the vacuum to taunt and chase a pet dog. The robotic vacuums, designed to keep homes tidy, had been repurposed for harassment, leaving their owners frightened and violated.

Ecovacs’ Response: A Credential Stuffing Attack

Ecovacs, the company behind the Deebot X2 Omni, responded by identifying the attack as a “credential stuffing event.” This type of attack typically occurs when hackers gain unauthorized access by using stolen or leaked username-password combinations from other services.

In a statement, Ecovacs explained that they had blocked the IP address from which the attack originated and reassured customers that they had found no evidence of usernames and passwords being collected by the attacker. Still, for the affected homeowners, this explanation may not offer much comfort.

Ecovacs also pointed out that they had fixed a known PIN entry flaw from last year that allowed unauthorized access to their devices. Additionally, the company plans to roll out a security update in November to further address vulnerabilities.

Smart Home Security Concerns: An Ongoing Issue

The Deebot X2 isn’t the first smart home device to fall prey to malicious actors. Over the years, various smart home products—from cameras to doorbells—have been compromised by hackers, often exploiting weak security measures or the requirement for these devices to remain connected to the internet at all times.

Many of these attacks stem from poor password practices, such as using the same credentials across multiple accounts. Hackers frequently exploit this by launching credential stuffing attacks, which automate the process of testing stolen credentials across different platforms.

In some cases, the vulnerabilities go beyond stolen passwords. Earlier this month, ABC News uncovered a Bluetooth vulnerability in the Deebot X2 that allowed them to bypass the robot's security features altogether. While Ecovacs did not specify if the November update would address this Bluetooth flaw, the sheer frequency of these incidents underscores the need for better security protocols in the world of smart home devices.

What Can Smart Home Owners Do?

For consumers, incidents like these highlight the importance of strong security practices when using smart devices. Here are a few steps that can help safeguard against potential threats:

  • Use strong, unique passwords for each device and service.

  • Enable two-factor authentication (2FA) wherever possible.

  • Regularly update your devices’ firmware to ensure they have the latest security patches.

  • Review the security settings of smart home devices and disable any unnecessary features, such as remote access or voice control, when not in use.

Despite the convenience that smart home technology offers, the potential for hacking incidents like this one remains a concern. As the number of internet-connected devices grows, so too does the risk of malicious actors finding new ways to exploit them.

Final Thoughts: The Price of Connectivity

The Deebot X2 hacking incident is a disturbing reminder of the risks associated with cloud-connected devices. While Ecovacs is taking steps to address security flaws, the fact that hackers were able to gain control of these robots and use them for harassment is a stark example of the vulnerabilities inherent in smart homes.

As more households adopt these technologies, manufacturers will need to prioritize security enhancements to ensure that consumers can enjoy the convenience of their devices without fear of them being hijacked for malicious purposes.

All images used in the articles published by Kushal Bharat Tech News are the property of Verge. We use these images under proper authorization and with full respect to the original copyright holders. Unauthorized use or reproduction of these images is strictly prohibited. For any inquiries or permissions related to the images, please contact Verge directly.

Latest News

5/12/24

Apple Enables iCloud Password Syncing with Firefox on macOS

Official Extension Lacks Windows Support but Expands Accessibility for macOS Users

5/12/24

OpenAI Partners with Defense Tech Firm Anduril to Enhance Counterdrone Systems

A Strategic Collaboration Marks OpenAI’s First Foray into Military Technology

5/12/24

Wahoo Fitness Unveils Elemnt Ace: A Revolution in Cycling Performance Analysis

Advanced Air Pressure Sensor Calculates Wind Resistance for Cyclists

bottom of page