Security Vulnerabilities in Ecovacs' Sweeping Robots and Lawnmowers Reported by Researchers

TapTechNews August 10th news, the tech media TechCrunch reported yesterday (August 9th) that security researchers Dennis Giese and Braelynn will attend the DefCon hacker conference to demonstrate and report vulnerabilities in Ecovacs' sweeping robot and lawnmower products.

The researchers said they had contacted Ecovacs to report these vulnerabilities but never received a reply from the company, and they believe these vulnerabilities remain unfixed and could be exploited by hackers.

The researchers said that the vulnerability can be exploited to take over Ecovacs sweeping robots via Bluetooth connection with a maximum distance of up to 427 feet (about 130 meters).

And once the hackers control these sweeping robots, since they can connect to the Wi-Fi network themselves, it means that subsequent remote connection control can be achieved.

TapTechNews learned from the report that the researchers said they could use the vulnerability to read the Wi-Fi hotspot password, read all the maps saved by the sweeping robot, and could access components such as cameras and microphones.

The researchers said the following devices all have security vulnerabilities

Ecovacs Deebot 900 series

Ecovacs Deebot N8/T8

Ecovacs Deebot N9/T9

Ecovacs Deebot N10/T10

Ecovacs Deebot X1

Ecovacs Deebot T20

Ecovacs Deebot X2

Ecovacs Goat G1

Ecovacs Spybot Airbot Z1

Ecovacs Airbot AVA

Ecovacs Airbot ANDY