While there’s always a fear that machines might someday rebel against us, the most recent incident involving robotic vacuums suggests the culprit is likely just a bored teenager. According to a report from ABC News, owners of the Ecovacs Deebot X2 in several cities fell victim to a cyberattack. The attack enabled hackers to take control of these vacuums, resulting in them spewing hateful language at families and even targeting pets.
The incidents occurred in May across locations including El Paso, Texas; Los Angeles; and parts of Minnesota. Daniel Swenson, one of the affected users, stated that his robotic vacuum started emitting a garbled noise reminiscent of a “broken radio signal.” He could hear snippets of a voice, and after performing a reset, the device once again emitted the sound of a teenager shouting racial slurs. Fed up, Swenson chose to simply turn off the device instead of resetting it again.
This alarming incident raised concerns that the hackers might be attempting to infiltrate other smart home systems. Fortunately, Ecovacs discovered the breach and confirmed that it stemmed from a “credential-stuffing event” linked to a single IP address in a suspicious location.
It appears that the hacker was likely masking their IP address to evade detection. If this was merely a prank, there’s a strong chance it could happen again, as the solutions implemented by Ecovacs are only a temporary fix. Security experts have previously attempted to discuss vulnerabilities with the company.
Though disruptive, this incident could have escalated to an even more serious violation of privacy. Many robotic vacuums are equipped with cameras, which malicious actors could exploit to surveil homes without raising alarms. This is particularly concerning for parents when it comes to protecting their children. Ultimately, the situation seems to stem from a recognized security flaw, but there are several proactive steps you can take to minimize the risk of experiencing something similar.
Ensure that all your smart home devices are regularly updated and enable automatic updates whenever possible.