Reverse engineering Ecovacs vacuum and lawn mowing robots and using Bluetooth RCE to turn them into moving webcams. π©π½βπ¦―π₯ποΈπ₯·
Hardware security expert Dennis Giese shared with the community his method for disassembling, analyzing, and finding vulnerabilities and security issues in home robots. This time, he focused on Ecovacs products like vacuum cleaners, lawn mowing robots, and more.
Apart from a very interesting research path and highly effective results, the author shows how easily a device with a camera and connectivity can be turned into a surveillance tool that streams video directly to the attacker's device.
The fun fact is: the products are still affected because the company was not interested in fixing them. π€·ββοΈ
Spread the word, and make sure you donβt expose yourself to such threats. Stay safe and secure.
More details:
Reverse engineering and hacking Ecovacs robots: the bad and the really bad [PDF]: https://hitcon.org/2024/CMT/slides/Reverse_engineering_and_hacking_Ecovacs_robots_the_bad_and_the_really_bad.pdf
