Cybersecurity Breach and Public Response
Deebot X2 robot vacuums in , , and were hacked, with intruders using the devices to shout racial slurs and harass pets. The incidents occurred in May and involved remote control of the vacuums' features.
Despite the attacks being attributed to a "credential stuffing event" from a single IP address, concerns persist over the potential for broader smart home device vulnerabilities. Ecovacs confirmed the breach but stated it originated from their systems rather than individual user accounts.
Security Flaws and Manufacturer Response
Researchers highlighted significant security flaws in Ecovacs vacuums, including vulnerabilities that allowed Bluetooth hacking and unauthorized access to microphones and cameras. An August report criticized Ecovacs' security measures as severely lacking.
Ecovacs plans to release a security upgrade for the X2 series in November, following criticism for insufficient patches to known vulnerabilities. The company faced backlash for not addressing these security issues sooner, despite being informed by researchers in 2023.