Robotic Vacuum Cleaners Can Be Exploited to Spy on WiFi Networks

cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
20,361
Dongguan Diqee 360 robotic vacuum cleaners can allegedly be exploited in two ways. Since this is an Internet of Things (IoT) device, it is connected to the internet at all times and comes with default login credentials that most customers don't change. Using these credentials, the device can be manipulated to spy on the owner, as it has a webcam with night vision, smartphone-controlled navigation, and WiFi. The second exploit requires physical access to the device to insert a microSD card into the machine and then exploit it to act as a sniffer to intercept all WiFi data and more. The manufacturer has not issued a fix.

As stated by the researchers, these vulnerabilities may also affect other IoT devices using the same video modules as Dongguan Diqee 360 vacuum cleaners. Such devices include outdoor surveillance cameras, DVRs, and smart doorbells.
 

dyzophoria

Gawd
Joined
Jan 17, 2006
Messages
946
I'm not sure how the company is going to issue a fix for people using the default username and password. The problem generally with people is they treat things like these as "oh i'm nobody, nobody will take their time to hackz me", that is why they don't care even if you slap a cardboard with big letters telling them to change default login credentials.
 

Rahh

[H]ard|Gawd
Joined
Jan 14, 2005
Messages
1,607
I stopped at "not changing default credentials".

*Godzilla FacePalm*
 

mashie

Mawd Gawd
Joined
Oct 25, 2000
Messages
4,236
So unless people are running their LAN on a public routable IP range or the LAN is compromised already, how would these be exploited?
 