We hacked a robot vacuum — and could watch live through its camera
The largest home robotics company in the world has failed to fix security issues with its robot vacuums despite being warned about them last year.
Without even entering the building, we were able to silently take photos of the (consenting) owner of a device made by Chinese giant Ecovacs.
And then things got even creepier.
Robot vacuums rove unchecked through countless households, both in Australia and around the world.
Sean Kelly – who has twin toddlers and a five-month-old baby – bought one to make life easier while he and his wife raised their family.
Like thousands of other Australians, he chose one made by the largest home robotics company in the world: Ecovacs.
Sean went with the company's flagship model, the Deebot X2, thinking it would come with the best security money could buy.
He was wrong.
His robot was vulnerable to being hacked from afar, and Ecovacs hadn't done anything about it, despite being warned back in December 2023.
"It’s like having a webcam that can roll around your house and look at your family," he said.
"I didn't think that someone could just directly hack in and look through."
Having called him up to deliver the bad news, I had a question to ask of Sean.
Did he mind if I hacked into his robot myself?
A confession: I don't know how to hack.
That's why I needed help from Dennis Giese, a security researcher who has spent the best part of a decade pulling apart robot vacuums.
He'd recently found a way to take control of a long list of Ecovacs robots, including lawnmowers and Deebot vacuum cleaners, armed with only a smartphone.
And he didn't even have to touch them – he could do it entirely over Bluetooth, from up to 140 metres away.
A few weeks after he announced his findings at a hacking conference in Las Vegas back in August, I reached out to him over email, wondering if he could help me do the same.
"I can build you a payload," he wrote back, which would let me "run anything" on certain Bluetooth-enabled Ecovacs devices, including Sean's top-of-the-line X2, a model that retails for $2,500.
Once I'd connected to the device over Bluetooth, he told me, I'd have full access to the onboard computer, and, by extension, any sensors that were connected to it.
"You can access all logs, WiFi credentials and have full network access," he wrote via email.
I would be able to access "the camera and microphone nodes".
On the fourth floor of a brutalist hulk of a building, with thick concrete walls, Sean plugs in his robot vacuum.
Sean's wife was a "hard no" on allowing us to hack the device at their home, for obvious privacy reasons. So we'd decided to test it in his work kitchen instead.
I'm sitting in a park just outside the window. From this far away, the Bluetooth signal is weak; I have to edge closer to the fence to get a better connection.
Sean's office is on a busy street near the centre of Brisbane, with passers-by giving me strange looks as I hold my phone to the sky.
Soon, his device – helpfully labelled "ECOVACS" – pops up on my phone.
And we're in business.
Upstairs, Sean is making himself a cup of coffee.
Photos of him start streaming to my laptop, in real time.
As his robot starts moving around the room to clean, Sean's face is caught in the shot.
It passes his ankles as he leans against the counter, doing its best to navigate the unfamiliar office kitchen.
The robot fails to play its 'camera recording' warning sound — that only seems to play if the camera is accessed through the Ecovacs app.
When we peer through after hacking in remotely, those in the room get no warning they're being watched.
Then again, Sean probably expects me to be watching him; he did consent to it less than an hour ago.
But what he doesn't know is we'd built in a secret function for our demonstration. And when the moment feels right, we let it loose.
"Hello Sean," says a robotic voice. "I'm waaaatching you."
Sean's eyes widen as his robot says his name, his entire body frozen still. He lets out two short sharp laughs and then lapses back into silence for a moment.
"That's insane," he gasps, still looking at it. It's as if he doesn't recognise his own robot anymore.
It's been roving around his house unchecked for the better part of a year, potentially offering enterprising hackers a window to peer through.
"There's me," says Sean as I show him the photos on my laptop afterwards. "That's the view from the [robot's] camera.
"I didn't even realise Bluetooth went that far," he says, glancing out the window. "We're up on the fourth floor here."
While I was connecting to Sean's robot from the park outside that window, the real hacking was happening from the other side of the planet.
In Germany, Giese had stayed up to an ungodly hour to help pull the strings.
There were a few false starts, but then, it worked.
Julian Fell: Ok sent [the payload]. Anything?
Dennis Giese: Haha I am in
Let me steal the data
He was kidding about stealing Sean's data. But he was entirely serious about having taken control of the robot's onboard computer.
The photos were streaming to his server in the US, and he was seeing them – from his apartment in Berlin – at the same time I was.
"Nice office," he texted me.
"I was surprised to see the robot moving around and still have camera access," Giese said later.
Once I'd sent the initial command via Bluetooth to gain access, there was no need for either of us to be anywhere near the robot in order to keep watching through its camera.
Not all of the vulnerabilities Giese has found, in Ecovacs devices and in other brands, have been equally serious. Many required physically connecting to the robots, or even pulling them apart to get at their insides.
He doesn't report the low-risk threats. But this one was especially sensitive.
Giese quickly notified Ecovacs, saying he'd found a serious security flaw that could be exploited remotely. (He omitted specific details because he didn't want to reveal them over an insecure channel, and he still has not published them publicly.)
That was in December 2023. Ten months ago.
"We never heard back," he says.
Until he went public with his findings, that is.
"The company kind of woke up and were like, 'Oh yeah, yeah, we somehow missed the e-mail like in December'.
"For a billion-dollar company, who is a market leader nowadays, that's a little bit worrisome."
Giese's interest lies in gaining access to the devices, not spying on people with them.
Still, it only took him a "couple of hours" to work out how to take the photos, send them to his own server, and play a custom audio recording through its speakers.
At one point in our experiment, Giese seemed to get impatient with his hastily written script.
He jokingly suggested "bricking" — which means permanently disabling a computer — Sean's device, a sign of how much damage he could do without either of us having laid eyes on the thing.
Dennis Giese: Okay, let me do something scary
Should I brick his robot?
Julian Fell: Hahaha no no. [We] need to do the hack right
And, in the end, we put things right. No trace was left on Sean's device, and he took his robot home, spooked as he was about what it all meant for his family's privacy.
"I've started just tossing a little dishcloth on it when it's not in use," he said.
It was a wake-up call for Sean, but risks to privacy in the modern world go far beyond a single product.
"People don't think of their dishwasher as a robot," says Dr Donald Dansereau, senior lecturer at the Australian Centre for Robotics at the University of Sydney.
We live in a "camera-rich society", he says. "Robot vacuums get a lot of flak because they're so visible.
"When you go outside, you see cars driving around with all kinds of cameras on them. The cameras are always on, always watching."
And when there are cameras everywhere, it raises questions about how secure the footage is.
Ecovacs initially said its users "do not need to worry excessively" about Giese's findings.
After he first revealed the vulnerability in public, the company's security committee downplayed the issue, saying it requires "specialised hacking tools and physical access to the device".
It's hard to square their statement with the reality. All it had taken was my $300 smartphone, and I hadn't even laid eyes on Sean's robot until after hacking into it.
Ecovacs eventually said it would fix this security issue. At the time of publication, only some models have been updated to prevent this attack.
Several models — including the latest flagship model released in July this year — remain vulnerable.
Clearly, Sean's robot is one of them. And yet, he hasn't been warned by the company about the security flaws affecting his device.
After I told Ecovacs about our experiment, a company spokesperson said an update would be made available for the X2 in November 2024.
"Ecovacs has always prioritised product and data security, as well as the protection of consumer privacy," they said in a statement.
"We assure customers that our existing products offer a high level of security in daily life, and that consumers can confidently use Ecovacs products."
Know something about Ecovacs' security problems? Drop me a line at secure@jtfell.com. (PGP Key is available on my author page).
One isolated vulnerability isn't the 'scary part'
After completing the hack, I set out to answer an obvious question: Who's in charge of making sure these internet-connected devices are actually secure?
It turns out Australia has no mandatory rules for ensuring smart devices aren't able to be hacked.
Last year, the Department of Home Affairs released a voluntary code of practice where compliance is "encouraged but optional".
This means that companies that make devices for sale in Australia, including Ecovacs and other home robotics companies, aren't required to test that their products are safe from even the simplest of vulnerabilities.
However, Ecovacs did in fact have the X2 tested – and certified as secure – by a German company called TÜV Rheinland.
It was tested against a cybersecurity standard with the catchy, technical title of ETSI EN 303 645, which is being suggested for partial adoption as part of Australia's Cyber Security Strategy.
Most home robotics companies, including Ecovacs, Xiaomi, iRobot, and Roborock, routinely have their products certified to this standard, and many countries require it as a baseline.
And this, says Giese, is the "scary part".
He found that Ecovacs devices were extremely vulnerable to hacking despite being certified as secure.
"If their robots are broken like that," he asks, "how does their backend [server] look?"
Giese found these security flaws in his spare time. And so did Braelynn Luedtke and Chris Anderson, two other independent researchers.
So, why didn't the multinational company that was meant to be testing it?
I reached out to TÜV Rheinland to find out.
In response to my queries about the testing process, TÜV Rheinland's Alexander Schneider directed me to a digital certificate, which contained almost no detail about how the device was actually tested.
"We are confident that our tests met all aspects of the standard," said Schneider in a statement.
Giese disputes this. He claims that at least five of the standard's 13 provisions weren't met by the Ecovacs X2 when he tested it.
The vulnerabilities that Giese found were not examined as part of the testing, wrote Schneider, "as it falls within the scope of professional hacking attacks".
What he's saying is that TÜV Rheinland's certification doesn't promise to prevent cyber attacks by serious hackers.
But isn't that exactly who is most likely to carry them out?
Seeking a second opinion
Lim Yong Zhi, a former cybersecurity tester at rival certification company TÜV SÜD, has hands-on experience certifying robot vacuums to the same standard.
He says the testing process is largely "left open for interpretation" by certification companies.
In his view, it does not require that testers cover "in-depth or professional attacks".
"These products face very tight timelines to launch onto the market," Lim explained.
While the standard specifies that common security features must be present, he says, there is no explicit requirement that they are implemented correctly.
"It depends on the experience of the laboratory as well as the personnel who is handling the device for cyber security testing."
And it's only meaningful at one snapshot in time. Often, testing is done before the product is released, while new, unforeseen cyber threats are emerging all the time.
The software that runs on smart devices needs to be updated regularly to keep up with the latest known issues. And each new version of the software uploaded to the robot can potentially introduce new vulnerabilities.
It would be impractical to independently test each new version, says Lim, as it can take months to complete the process.
Given this, he believes product labelling that shows devices meet certification standards may provide a "false sense of security" to consumers.
"Of course, it is very difficult… there's no way to tell if [the devices] are secure."
A spokesperson from Australia's Department of Home Affairs says the government plans to introduce mandatory security standards for smart devices, with enforcement provisions planned to "prevent non-compliant devices from being sold in Australia".
They did not comment on the effectiveness of the ETSI EN 303 645 standard, which has been mentioned in public consultation materials as a potential baseline for adoption.
"As the security needs of different types of smart devices evolve, so too will the Australian government ensure the appropriate security standards apply to them."
The Ecovacs spokesperson noted that the company is "proactively exploring more comprehensive testing methods".
For Dennis Giese, the most concerning aspect of the Bluetooth attack is how hard it is to detect.
"If you do it in a very silent way, [the victim] would never figure it out," he says.
The warning sound does not play. The vacuum robot continues to clean as normal. And it leaves no trace on the device afterwards.
All of this combines to mean there's no way of knowing if shady organisations are already using it for nefarious purposes.
Giese does this work in his spare time, spending his own money on robots to test.
"Imagine you have a whole department of people who are kind of doing that stuff like all day long," he says.
And then, one day after going public with his findings, he didn't have to imagine anymore.
An employee of a notorious CIA contractor approached him, and asked a haunting question.
"[He] said, 'hey, do you think we can use... the cameras and microphones to find people?'"
Credits
- Reporting: Julian Fell
- Editing: Matthew Liddy
- Photography: Esther Linder