Date: 2024-10-06

The ABC and Brisbane-based journalist Julian Fell recently claimed that professional hackers were able to hack an Ecovacs robotic vacuum cleaner. What the ABC failed to mention was that most robotic vacuum cleaners and a lot of electric vehicles have LiDAR object-based detection camera systems that researchers claim are all vulnerable to professional hackers.

The ABC was not able to identify any cases of Ecovacs robotic vacuum cleaners being hacked locally by anyone other than a professional hacker, who in its case was based in Germany.

The hard-core reality is that most robotic vacuum cleaners from the likes of LG Electronics, Samsung, iRobot and Roborock use a LiDAR sensing system which professional hackers have been able to access in the past, along with security companies looking for vulnerabilities.

Past investigations by Tel Aviv-based security firm Check Point Software into South Korean multinational appliance manufacturer LG Electronics found that its SmartThinQ range of connected devices, including washing machines, dryers, refrigerators, dishwashers, and vacuum cleaners, can be controlled via a third-party web application used by hackers.

Check Point found a vulnerability in an LG portal login process that allowed its researchers to take control of the Hom-Bot and its camera, giving them access to live-stream video from inside a home.

Recently, LG and Samsung both released new robotic vacuum cleaners that use LiDAR sensors and cameras to map a home.

LiDAR, or Light Detection and Ranging, is a remote sensing technology that allows a robot vacuum to accurately navigate your home and avoid any obstacles that it might encounter. To do this it needs an inbuilt camera, which in turn needs software.

To connect the vacuum cleaners to an app, either Bluetooth or Wi-Fi connectivity is needed.

The issue exposed by the ABC is not new. In the past, researchers found that LiDAR robot vacuums can be hacked and used to spy on voice conversations, even without a microphone.

The best the ABC could come up with to possibly prevent this in the future was a project supervised by Donald Dansereau, a senior lecturer at Sydney University.

What he is attempting to do is scramble images captured by the camera beyond recognition before they are digitised, while leaving them usable by the navigation system on a robotic vacuum cleaner or a motor vehicle using the LiDAR navigation system.

He claims that if this were the case, there would be no way for remote attacks to access the raw imagery.

With the Sydney-developed prototype, enough information is still retained in the scrambled image for the robot to navigate by.

The only problem is that the concept is not ready for commercialisation, nor is there any mention of the cost or whether any outside organisation has taken an interest in commercialising the project in an effort to prevent hackers getting into the LiDAR systems used in robotic vacuum cleaners.

Dansereau claims there’s “no magic bullet on the technological side – good policy and good literacy are still required”.

For the purposes of trying to take down Ecovacs, the ABC had to go to a German-based hacker, who then had to give instructions to a person in Australia on how best to hack a robotic vacuum cleaner.

In the latest $2,999 LG Electronics CordZero All-in-One Tower Combi vacuum cleaner, LG uses a 360-degree LiDAR sensor that scans the surroundings six times per second up to a radius of 8 meters.

The Samsung BESPOKE Jet Bot AI+ Robot Vacuum also uses the LiDAR 3D sensors to capture data.

The main advantage of using LiDAR is its precision — it knows exactly where walls, furniture, and other obstacles are, which helps the vacuum clean more efficiently and quickly and avoid no-go zones.

Another benefit to using LiDAR is its reliability, as smart vacuums that use this technology perform well in low-light or dark conditions, which is typically where camera-based systems might falter.

Another technology used in vacuum cleaners is vSLAM.

This technology gives your robot vacuum the ability to navigate your home using a camera. It does this by allowing the vacuum to capture images of its surroundings and identify specific points, like corners or edges of furniture. The device then uses these points to triangulate its 3D position and create a map of your home. This map helps the vacuum know where it is and where it needs to go, and constantly updates as it works its way through your home.

One of the big plus points of vSLAM is its ability to adapt to changes in your home environment. For instance, if you move furniture around, vSLAM can recognize these changes and adjust its cleaning path as required.

It also excels at visual recognition, making it great for homes with a lot of furniture or tricky spaces.

At the end of the day, we are all vulnerable to attack when connected to a Bluetooth or Wi-Fi network. Smart speakers, smart security cameras, smart light globes, smart coffee machines, smart alarm clocks, smart refrigerators, even some kids' toys and baby monitors are technically IoT devices, many of which have been able to be accessed by hackers and professional security companies who test for vulnerabilities.

While humans are able to create security systems around, for example, robotic vacuum cleaners or even automated electric vehicles, humans such as professional hackers in Germany are able to hack a system, especially when they are being paid to do so. Now, with the emergence of AI, we are also set to see AI used by groups who want to hack into systems, and that is another story.

As for the ABC story, Ecovacs responded to SmartHouse and ChannelNews, claiming: “Ecovacs respects the practice of security experts who identify potential vulnerabilities through research and proactively share their findings with companies. We believe that the interaction between security experts and companies, through offensive and defensive testing and the publication of results, contributes to the improvement of product security”.

“Ecovacs has always prioritised product and data security, as well as the protection of consumer privacy. We assure customers that our existing products offer a high level of security in daily life, and that consumers can confidently use Ecovacs products”.

We have improved the Ecovacs X2 Remote Live Video PIN bypass issue in August 2024.

Only the X2 Series has this vulnerability, which will be corrected in November via an OTA firmware update.

No other ECOVACS models are affected.

If any consumers or your readers remain concerned, they can also take the following steps for added peace-of-mind:

https://www.ecovacs.com/au/blog/robot-vacuum-privacy-concerns

• Strengthen Wi-Fi Security

• Set Strong Passwords

• Regular Software Updates

• Suspicious Activity Notifications

• Factory Reset