“[Security researcher Dennis Gliese] had recently found a way to take control of a long list of Ecovacs robots, including lawnmowers and Deebot vacuum cleaners, armed with only a smartphone … entirely over Bluetooth, from up to 140 metres away.”
https://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020
“After he first revealed the vulnerability in public, the company’s security committee downplayed the issue, saying it requires “specialised hacking tools and physical access to the device”.
It’s hard to square their statement with the reality. All it had taken was my $300 smartphone, and I hadn’t even laid eyes on Sean’s robot until after hacking into it.”
“Ecovacs did in fact have the X2 tested – and certified as secure – by a German company called TÜV Rheinland.
TUV Rheinland’s Alexander Schneider directed me to a digital certificate, which contained an almost complete absence of detail about how it was actually tested.”
Greg Egan /
npub12c…gd38p
2024-10-04 03:58:20
Author Public Key
npub12cuzzqzv8e8y7na77a9zv47mx2v6pec60qs5h7takzmv5p0mw0fsmgd38pPublished at
2024-10-04 03:58:20Event JSON
{
"id": "8be2069dcd06e7fc65b82742f85a4b5cf4e855f595792eba02999a4f286c8f04",
"pubkey": "563821004c3e4e4f4fbef74a2657db3299a0e71a78214bf97db0b6ca05fb73d3",
"created_at": 1728014300,
"kind": 1,
"tags": [
[
"proxy",
"https://mathstodon.xyz/@gregeganSF/113247145210785432",
"web"
],
[
"proxy",
"https://mathstodon.xyz/users/gregeganSF/statuses/113247145210785432",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mathstodon.xyz/users/gregeganSF/statuses/113247145210785432",
"pink.momostr"
],
[
"-"
]
],
"content": "“[Security researcher Dennis Gliese] had recently found a way to take control of a long list of Ecovacs robots, including lawnmowers and Deebot vacuum cleaners, armed with only a smartphone … entirely over Bluetooth, from up to 140 metres away.”\n\nhttps://www.abc.net.au/news/2024-10-04/robot-vacuum-hacked-photos-camera-audio/104414020\n\n“After he first revealed the vulnerability in public, the company’s security committee downplayed the issue, saying it requires “specialised hacking tools and physical access to the device”.\n\nIt’s hard to square their statement with the reality. All it had taken was my $300 smartphone, and I hadn’t even laid eyes on Sean’s robot until after hacking into it.”\n\n“Ecovacs did in fact have the X2 tested – and certified as secure – by a German company called TÜV Rheinland.\n\nTUV Rheinland’s Alexander Schneider directed me to a digital certificate, which contained an almost complete absence of detail about how it was actually tested.”",
"sig": "9f13795d9f9632d21896e84a2ea9dcce6fb0d30173fdf2d9ad6806a22309891ff9a22cd65a16470ef5cad32b1d5cefa4433a915ddc747b0016bfccbc92e1bb7e"
}