Description: Hackers reportedly exploited a vulnerability in Ecovacs’s Deebot X2 robot vacuums, gaining unauthorized access to camera and microphone controls. Users reported privacy invasions and offensive language broadcast through the devices. Although Ecovacs claimed to have resolved the security flaw, researchers suggest vulnerabilities remain that could potentially leave users exposed to surveillance and harassment through their AI-enabled devices.
Editor Notes: Reconstructing the timeline of events:
(1) December 2023: Cybersecurity researchers Dennis Giese and Braelynn Luedtke reportedly reveal a security flaw in Ecovacs Deebot X2 at a hacking conference. The flaw, they claim, involves an insecure PIN system and Bluetooth vulnerability, and was reported to Ecovacs prior to going public.
(2) May 24, 2024: Minnesota lawyer Daniel Swenson’s Deebot X2 is reported to have been hacked, allegedly emitting racial slurs and controlled remotely in his home. The same day, another hacked Deebot X2 reportedly chases a dog in Los Angeles while allegedly projecting offensive language.
(3) May 29, 2024: In El Paso, Texas, another Deebot X2 is reported to have been hacked, allegedly yelling obscenities at the owner until unplugged.
(4) October 10, 2024: An ABC Australia report presents confirmation of the hackability of the Deebot X2 and explains the ongoing risk posed by the security flaws. Ecovacs responds to the incidents, attributing them to credential stuffing and denying a system breach. Ecovacs promises a security upgrade for the X2 series in November 2024. The Ecovacs statement can be read here: https://live-production.wcms.abc-cdn.net.au/d22cf5c9f95808b90a58ccae58a05b76.
Entities
Alleged: Ecovacs developed an AI system deployed by Ecovacs Deebot X2 and Ecovacs, which harmed Ecovacs customers, Ecovacs Deebot X2 users and Daniel Swenson.
Incident Stats
Incident ID: 842
Report Count: 2
Incident Date: 2024-05-24
Editors: Daniel Atherton
Incident Reports
abc.net.au · 2024
Robot vacuums in multiple US cities were hacked in the space of a few days, with the attacker physically controlling them and yelling obscenities through their onboard speakers.
The affected robots were all Chinese-made Ecovacs Deebot X2s —…
futurism.com · 2024
Hackers were able to gain control of camera-equipped robot vacuums around the United States — and at least one of them forced the cleaning robots to yell racist obscenities.
As ABC Australia reports, owners of Ecovacs' Deebot X2 robot vacuu…
Variants
A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database.
Similar Incidents
- Security Robot Rolls Over Child in Mall · 27 reports
- Uber Autonomous Cars Running Red Lights · 10 reports
- Sleeping Driver on Tesla AutoPilot · 24 reports