• ncr100 3 days ago

    Ecovacs notified in December 2023

    > “Ecovacs has always prioritised product and data security, as well as the protection of consumer privacy,” they said in a statement.

    Still not fixed, today.

    Mobile Webcam exploit at 100 meters.

    • killingtime74 3 days ago

      I specifically bought a robot vacuum with fewer sensors (no camera) for this reason. Why does it need a camera if bump sensors and Lidar already work? It's asking for trouble.

      • Rebelgecko 16 hours ago

        Lidar doesn't work for some things - my Roborock S7 has trouble if there's a USB cable on the ground or a lamp's power cord isn't tucked all the way up against the wall. Supposedly the camera models are better at avoiding certain obstacles, which is good if you have a pet or housemate who sometimes poops inside and you don't want that getting mopped all over the floor.

        That's a compelling use case for me but considering how many of these vacuums have had privacy issues, I stuck with Lidar (people cast aspersions on the Chinese companies but US manufacturers have track records that don't inspire confidence either - just ask the Roomba employees who got their naked pics leaked online)

        • MBCook 2 days ago

          Some manufacturers use cameras instead of LiDAR (iRobot, for example).

          Others use both. LiDAR for walls, cameras for object identification below the LiDAR plane, directly in front of the robot. That’s how the fancy ones avoid socks or cables or other small things.

          • dikkechill 2 days ago

            How did you do your research and which one did you eventually buy?

            • Rebelgecko 16 hours ago

              Not OP, but I'm a big fan of the Vacuum Wars YouTube channel (they have text summaries on their website too)

              • iammiles 2 days ago

                This sounds like the Roborock S series. I went with lidar over camera because it can run in any lighting condition and I don’t have a need for poop detection.

              • aaron695 2 days ago

                [dead]

              • dikkechill 2 days ago

                I found the open source Valetudo (https://github.com/Hypfer/Valetudo) project quite interesting, as it sits between the vendor firmware and (cloud) connectivity. The project is made possible due to Dennis Giese's research.

                It currently supports Dreame, Xiaomi, Roborock and some others. But not Ecovacs. And not sure it prevents this type of Bluetooth vulnerability.

                • FloatArtifact 2 days ago

                  I specifically shopped for a vacuum using that website and it wasn't too bad to set up.

                  • Tier3r 2 days ago

                    No truck on this robot vacuum race because I don't own one, but one an incredible name.

                  • elitistphoenix 3 days ago
                    • ChrisArchitect 2 days ago

                      ABC Australia

                      Title: We hacked a robot vacuum — and could watch live through its camera