When researchers uncovered multiple security flaws in Ecovacs devices earlier this month, the company initially did nothing to fix them. But after further investigation, the smart vacuum manufacturer realized that a few patches were actually warranted.

I spy with my little eye…

Earlier this month, independent security researchers revealed that multiple Ecovacs Bluetooth vacuums and lawnmowers were insecurely designed. They found that hackers could break into nearby devices within a 450-ft. range, allowing them to access their data and remotely control them. One of the researchers stated:

“[Once we have access], [w]e can read out to Wi-Fi credentials, we can read out all the [saved room] maps. We can, because we’re sitting on the operation of the robot’s Linux operating system. We can access cameras, microphones, whatever.”

Considering that the majority of Ecovacs devices are built with cameras and microphones, this discovery is highly concerning, as hackers could use the devices to obtain visuals of owners’ homes and listen to their conversations. Although some of the lawnmowers require owners to enter a PIN number before use, the researchers state that the PIN is not encrypted, and would not be difficult for hackers to decipher. The researchers also stated that most of the devices do not tell users when the camera or microphone are in use, so they would have no way of knowing whether or not their device had been hacked.

Fixes moving forward

When Ecovacs was first informed of these findings, the company believed they were insignificant, and told users not to “worry excessively” about them. However, after conducting its own investigation, Ecovacs released a new statement that declared it had “identified several areas where there is room for improvement” and it is “addressing the issues highlighted.” Ecovacs’ security committee director also responded to the researchers who discovered the flaws, stating:

“Your analysis has been greatly valued and appraised by our technical team. Your insights are invaluable in safeguarding the security and integrity of our products, and they contribute significantly to the consumer electronics industry as a whole… Ultimately, it is the general consumers who will benefit most from your dedication.”

TechCrunch reports that to overcome these weak points, Ecovacs is currently planning to update two different vacuum models, as well as the Ecovacs app. The post Ecovacs learned its vacuums could be spying on you: they weren’t going to do anything about it appeared first on OPUSfidelis.