Robotic Vacuum Cleaners Can Be Exploited to Spy on WiFi Networks


Apr 10, 2003
Dongguan Diqee 360 robotic vacuum cleaners can allegedly be exploited in two ways. Since this is an Internet of Things (IoT) device, it is connected to the internet at all times and comes with default login credentials that most customers don't change. Using these credentials, the device can be manipulated to spy on the owner, as it has a webcam with night vision, smartphone-controlled navigation, and WiFi. The second exploit requires physical access to the device to insert a microSD card into the machine and then exploit it to act as a sniffer to intercept all WiFi data and more. The manufacturer has not issued a fix.

As stated by the researchers, these vulnerabilities may also affect other IoT devices using the same video modules as Dongguan Diqee 360 vacuum cleaners. Such devices include outdoor surveillance cameras, DVRs, and smart doorbells.
I'm not sure how the company is going to issue a fix for people using the default username and password. The problem generally with people is they treat things like these as "oh I'm nobody, nobody will take their time to hackz me", that is why they don't care even if you slap a cardboard with big letters telling them to change default login credentials.
I stopped at "not changing default credentials".

*Godzilla FacePalm*