They can then grant themselves an intimate front-row view into your home.
Once they’ve got control, they can connect over the internet for complete remote access.
The researchers will present their findings during this year’s Def Con hacking conference.
“Their security was really, really, really, really bad,” Giese told TechCrunch.
Giese elaborates that hackers can send a quick payload that instantly connects back to their computer.
This command-and-control server grants the attacker remote control capabilities over the hijacked robot.
The hacked bots can even propagate the attack to other nearby Ecovacs devices.
Even worse, there’s no warning light or other indicator when the cameras and mics are on.
Some models have an audio alert, but hackers can easily disable those.
Therefore, a hacker could potentially access a used robot to spy on the new owner.
To further highlight the security incompetence, lawnmower models have an anti-theft PIN stored in plaintext on the gadget!
As of August 9, the vulnerabilities were still open for exploitation.
