Robotic Vacuum Cleaners Can Be Exploited to Spy on WiFi Networks

[cageymaru]

Dongguan Diqee 360 robotic vacuum cleaners can allegedly be exploited in two ways. Since this is an Internet of Things (IoT) device, it is connected to the internet at all times and comes with default login credentials that most customers don't change. Using these credentials the device can be manipulated to spy on the owner as it has a webcam with night vision, smartphone controlled navigation, and WiFi. The second exploit requires physical access to the device to insert a microSD card into the machine and then exploit it to act as a sniffer to intercept all WiFi data and more. The manufacturer has not issued a fix.

As stated by the researchers, these vulnerabilities may also affect other IoT devices using the same video modules as Dongguan Diqee 360 vacuum cleaners. Such devices include outdoor surveillance cameras, DVRs, and smart doorbells.

 

[viper1152012]

Omg don't use default passwords.

Ask family and most do...... *slaps forehead with laptop.

 

[_l_]

 

[Betaboy1983]

What the F^@#& does a vacuum need a night vision camera for? Am I missing something here?

 

[dyzophoria]

I'm not sure how is the company going to issue a fix for people using the default username and password. The problem generally with people is they treat things like these as "oh i'm nobody, nobody will take their time to hackz me", that is why they don't care even if you slap a cardboard with big letters saying telling them to change default login credentials.

 

[sfsuphysics]

So Chinese knockoff Roomba has potential flaws... oooh color me not shocked

 

[gwarren007]

What the F^@#& does a vacuum need a night vision camera for? Am I missing something here?

Upskirt videos...

 

[d8lock]

I kept waiting for that thing to get ripped to shreds. But by the end, I was rooting for the little guy.

 

[lostin3d]

Seems like there's more than a few 'blows' occurring with IOT tech. Remember these:

https://www.hardocp.com/news/2017/0...ion_cad_for_tracking_customer_sexual_activity

&

https://www.hardocp.com/news/2017/11/11/sex_toy_company_admits_to_recording_customers_says_was_bug

I know this thread is about vacuums but there's usually some ties to push and pull-haha.

 

[kju1]

Upskirt videos...

Links plz.

 

[Rahh]

I stopped at "not changing default credentials".

*Godzilla FacePalm*

 

[katanaD]

What the F^@#& does a vacuum need a night vision camera for? Am I missing something here?

From the link.. its for protection.. and listed as a feature. so.. its a vacuum cleaner that doubles as a guard

hahaha

 

[PaulP]

More amateurs deploying IoT devices. Nothing new here - move along.