Kaspersky


How vulnerable Ecovacs robot vacuums are being hacked | Kaspersky official blog

  • Vulnerable robot vacuums, such as those manufactured by Ecovacs, can be hacked and commanded to turn into foul-mouthed, abusive louts, or have their cameras accessed remotely by intruders, according to cybersecurity researchers Dennis Giese and Braelynn Luedtke, who spoke at DEF CON 32. They discovered that Ecovacs robot vacuums could be targeted if a diagnostic port was exposed, and that the camera's PIN, which secures the video feed from the robot, was not encrypted. Although Ecovacs tried to patch the holes, says Giese, little has been done about the most significant vulnerabilities.
  • Owners of the robots have since been hit by hackers who were able to access the video feed, including through public Wi-Fi, and in some cases remotely control the robot, allowing it to move without owners' knowledge and make abusive comments.
  • Giese and Luedtke informed Ecovacs about the vulnerabilities they found, but received no response from the company. They later demonstrated it was possible to send a malicious payload to the robot via Bluetooth and gain root privileges in the operating system of any vulnerable robot.
  • Although some vulnerabilities may be closed by firmware updates, experts say there is no universal method of protecting against robot vacuum hacking that covers all bases. Owners can attempt to hack the machine themselves, getting root access and unlinking the machine from the vendor’s cloud, but experts warn this is a complex and time-consuming procedure.
  • It is recommended to always install firmware updates, to vet the security practices of the product's vendor before purchase, and to group IoT devices on a guest network separate from other devices, as robot vacuums are a potential launchpad for an attack on other products if they are breached by hackers.
