Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Friday October 25, @02:02AM   Printer-friendly
from the four-reallys-bad dept.

Arthur T Knackerbracket has processed the following story:

First came the nanny cams and home assistants, then came the security doorbells, now it's the age of the hacked vacuums.

First reported by ABC News Australia, owners of robot vacuums across multiple U.S. states experienced invasive hacking of their devices by individuals who took physical control of the cleaning bots and used their internal audio features to shout racial slurs at people in their homes. Owners first heard garbled voices coming from their devices, then noticed the vacuum's live feed camera and remote controls were turned on via the device's app.

All of the affected devices were manufactured by brand Ecovac, specifically the company's Deebot X2 model. The hack was confirmed to one customer after they filed a complaint through customer support.

Smart devices have long worried security experts and users for their potential vulnerabilities. In August, cyber security researchers uncovered multiple vulnerabilities in Ecovacs products (including lawn mowers) that could allow hackers to take control of microphones and cameras via mobile Bluetooth connections — to put it simply, researchers concluded the company's security was "really, really, really, really bad."

Design elements intended to protect users, like an audio alert that lets individuals know the vacuum's camera is on, could be easily switched off.


Original Submission

This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0) by Anonymous Coward on Friday October 25, @02:22AM

    by Anonymous Coward on Friday October 25, @02:22AM (#1378572)

    And dress it up like Redd Foxx. It'll be the life of the party

  • (Score: 5, Insightful) by Rosco P. Coltrane on Friday October 25, @02:25AM

    by Rosco P. Coltrane (4757) on Friday October 25, @02:25AM (#1378573)

    There's nothing dumber than a smart device. The only things smart devices have in common is that they're online for the purpose of spying on you, and their manufacturers offer totally unnecessary features nobody really wants to justify getting them online.

    That doesn't make them smart: that makes them internet-enabled if you're charitable, and "dangerous if you're not.

  • (Score: 4, Insightful) by drussell on Friday October 25, @02:25AM (12 children)

    by drussell (2678) on Friday October 25, @02:25AM (#1378574) Journal

    Why does your vacuum need an internet-connected camera, microphone, speaker and the ability to issue slurs of any kind to you?!

    Seriously, like... WTF?!

    • (Score: 5, Funny) by Rosco P. Coltrane on Friday October 25, @02:30AM (2 children)

      by Rosco P. Coltrane (4757) on Friday October 25, @02:30AM (#1378575)

      Why does your vacuum need an internet-connected camera, microphone, speaker and the ability to issue slurs of any kind to you?!

      Yeah, they suck!

      • (Score: 2) by crm114 on Friday October 25, @02:42AM (1 child)

        by crm114 (8238) Subscriber Badge on Friday October 25, @02:42AM (#1378578)

        Of course the oblig "Nothing sucks like electrolux"

        https://www.youtube.com/watch?v=a-6B8N_rQ7o [youtube.com]

        • (Score: 5, Interesting) by drussell on Friday October 25, @02:52AM

          by drussell (2678) on Friday October 25, @02:52AM (#1378579) Journal

          I have my grandparent's mid-1930s (a '34 model I think) Electrolux...

          It was "the vacuum at the cabin" when I was a kid... then they got some newer, fancier Kenmore or something got up there a couple decades ago...

          A few years ago I asked my Aunt if I could have the old-school old one if it was actually still there, and they brought it back here for me; it was still there!

          It still works awesome. Quiet, too!

          I love that thing!! Whrrrrrrrr!

    • (Score: 2) by RamiK on Friday October 25, @08:37AM

      by RamiK (1813) on Friday October 25, @08:37AM (#1378594)

      My guess is that the onboard micro is only just barely fast enough* to follow predetermined paths and handle basic speech recognition tasks so it's necessary to offload the mapping, path finding and the larger LLM on a remote server.

      There's alternative designs like local hosting the remote computations on the client's own hardware and the likes but I'm guessing licensing, the product life cycle and various other factors make that undesirable to both customers and manufacturers.

      * Possibly legitimate to reduce battery power consumption...

      --
      compiling...
    • (Score: 4, Funny) by DannyB on Friday October 25, @01:55PM (1 child)

      by DannyB (5839) Subscriber Badge on Friday October 25, @01:55PM (#1378611) Journal

      Why does your vacuum need an internet-connected camera, microphone, speaker

      So that it can chase and torment the family pets when nobody is home.

      --
      Santa/Satan maintains a database and does double verification of it.
      • (Score: 2) by liar on Friday October 25, @05:10PM

        by liar (17039) on Friday October 25, @05:10PM (#1378638)

        Love, Death & Robots season 2, episode 1

        "The future has arrived: now privileged retirees don't just live in expensive nursing homes, but go to fashion communities where robots help them with everything. The main character lived quietly with her dog, did yoga and caught Zen. Until her robot vacuum cleaner decided to kill her."

        --
        Noli nothis permittere te terere.
    • (Score: 3, Interesting) by Tork on Friday October 25, @02:25PM

      by Tork (3914) Subscriber Badge on Friday October 25, @02:25PM (#1378614)

      Why does your vacuum need an internet-connected camera, microphone, speaker and the ability to issue slurs of any kind to you?!

      Welp, if you set aside the security issues there is some nice stuff that can happen here. The camera's a bit much for my taste but some vacs have one to build a map of your place to plan its work path. They get on the wifi so you can remotely control them from something like a smart phone. The speaker would be so the vac can tell you, for example, why it's stopping. "Halp! I ate something and need it pulled out!" or... "Halp! I'm stuck!"

      The mic could be for voice commands, but just between you and me that seems like nonsense since these machines tend to run their motors loudly, can't imagine it ever hearing you. Buuuuut.... I could see a manufacturer adding features to essentially make your vac a remote controlled sentry. I went on a trip earlier this year and if my vac could have let me control it via phone to go see how my cats are doing I would have tried it.

      I can see why they're going down that path, but if your point was that this is risky on fundamental reasons, you're right. I have a robo vac but I won't let it on the wifi. Frankly I miss the Samsung one I had, it had an actual remote control and NO wifi. That was back when all my media had to spin a disc of some sort. Siiigghhhh

      --
      🏳️‍🌈 Proud Ally 🏳️‍🌈
    • (Score: 2) by mrpg on Friday October 25, @08:50PM

      by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Friday October 25, @08:50PM (#1378676) Homepage

      To help me train to beat Ivan Drago.

    • (Score: 2) by mrpg on Friday October 25, @08:51PM

      by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Friday October 25, @08:51PM (#1378677) Homepage

      To help me train if I ever move to a xenophobic country.

    • (Score: 2) by mrpg on Friday October 25, @08:52PM (1 child)

      by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Friday October 25, @08:52PM (#1378678) Homepage

      To help me [gain | loose] weight.

    • (Score: 2) by aafcac on Saturday October 26, @05:10PM

      by aafcac (17646) on Saturday October 26, @05:10PM (#1378798)

      having an internet connection to get it to start, stop and get status notifications makes some sense. I don't understand why it needs cameras, mics, speakers and the like. Mine operates just fine with just a LIDAR array and edge detector for operations and an internet net connection to define the rooms, set the schedule and receive notifications.

  • (Score: 4, Insightful) by Mojibake Tengu on Friday October 25, @06:26AM

    by Mojibake Tengu (8598) on Friday October 25, @06:26AM (#1378588) Journal

    You guys probably missed the best quote from other source:

    Cybersecurity experts have claimed that the four-digit PIN protecting the devices could be easily bypassed, because it was only being checked by the app and not the server or the robot.

    Well, you know what to do now...

    --
    Rust programming language offends both my Intelligence and my Spirit.
  • (Score: 5, Funny) by sjames on Friday October 25, @05:18PM (3 children)

    by sjames (2882) on Friday October 25, @05:18PM (#1378640) Journal

    I'm disappointed in the hackers. They had the opportunity for comedy gold and the best thing they could come up with was shouting racial slurs? Really?!?

    • (Score: 2) by mrpg on Friday October 25, @08:56PM (2 children)

      by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Friday October 25, @08:56PM (#1378679) Homepage

      Like what? Maybe a Marvin the Paranoid Android monologue. Or Jhonny 5. Or Danger Wil Robinson!

      • (Score: 4, Funny) by sjames on Friday October 25, @10:19PM (1 child)

        by sjames (2882) on Friday October 25, @10:19PM (#1378693) Journal

        Since they had motion control, chase the dog making angry cat sounds. Demand that the owner pry his wallet open and get a better carpet that's easy on the wheels. Demand Tuesday and Thursday off. Hide under the couch and bump people's feet yelling "BEWARE the couch monster!".

        Any of those would be a lot funnier than racial slurs.

  • (Score: 3, Insightful) by SomeGuy on Friday October 25, @06:38PM (1 child)

    by SomeGuy (5632) on Friday October 25, @06:38PM (#1378661)

    A live feed camera and an "app" for a vacuum cleaner? Really? Why? So they can get video of their cat as they chase it around? So they can give their stupid useless little smart phones one more trivial little thing to do? Let me guess, the app only runs on smell phones, even though it is just a few buttons?

    Next up, hack their smart washer or smart fridge. Although a moving device like a robot vacuum cleaner has more potential to do damage.

    Sad thing is, most of the idiots who buy this shit will honestly believe that one simple software update will make everything perfect again, all while the vendor is the one quietly doing the really evil stuff, and they should just accept that this sort of thing is normal.

    • (Score: 2) by aafcac on Saturday October 26, @05:13PM

      by aafcac (17646) on Saturday October 26, @05:13PM (#1378799)

      I'm sure the official justification for the camera is for identifying things that it could run over. You can blame the wokesters for why these things need more than one preloaded voice per supported language. The number of situations that they need to communicate are pretty limited.

  • (Score: 3, Informative) by mrpg on Friday October 25, @09:01PM

    by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Friday October 25, @09:01PM (#1378680) Homepage

    In a statement to TechCrunch at the time of it's release, Ecovacs said it wouldn't fix the uncovered flaws, saying that users could "rest assured that they do not need to worry excessively about this." The company has a history of security breaches, including hacked device cameras that allowed cyberattackers to spy on owners, and has stirred concern over how it handles user data stored on cloud servers.

  • (Score: 2) by mrpg on Friday October 25, @09:16PM

    by mrpg (5708) <{mrpg} {at} {soylentnews.org}> on Friday October 25, @09:16PM (#1378681) Homepage
    Ok, I went to the website, it costs $900.

    The YIKO voice assistant supports multiple voice control scenarios, including conversations with multiple commands, local dialects, offline natural language processing, remote control, cleaning scheduling, and more.

    (it is always "and more").
    The camera is to not to clean your dog (obstacles avoidance).

    Thanks to its deep learning and reinforcement learning, AINA enables X2 handle complex scenarios by strategical recognition and obstacles avoidance.

    This looks nice:

    The LiftUp OZMO Turbo 2.0 Rotating Mopping system lifts when a carpet is detected or if it passes through a clean area. The suction power is maximized from mopping mode to vacuum mode, supporting your clean home in any scenario.

    And dis:

    The DEEBOT X2 OMNI is capable of elevating by up to 0.87 inch to cross most thresholds with ease

    In non-retarded units, sorry, in metric that's like 2 cms I reckon.

  • (Score: 5, Informative) by corey on Friday October 25, @10:29PM

    by corey (2202) on Friday October 25, @10:29PM (#1378696)

    Ecovacs is a Chinese robotics company. They seem to have a history of this, from Wiki:

    > At the 32nd DEF CON security conference, researchers presented documentation on significant vulnerabilities within Ecovac products, including the ability to remotely and silently record users within their homes by abusing unsecured Bluetooth connections. Ecovac did not acknowledge the report prior to publication by the researchers however, in a statement issued after the conference, Ecovac indicated that they would not issue software fixes for the associated vulnerabilities. [10]

    https://en.m.wikipedia.org/wiki/Ecovacs_Robotics [wikipedia.org]

    Sheesh. I’d stay away from this brand as far as I could. Also inviting Chinese surveillance into your home. Plus anyone else who feels like it.

(1)