Insecure Deebot robot vacuums collect photos and audio to train AI

[Julian Fell at Australian ABC News]

"Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings – taken inside customers' houses – to train the company's AI models."

So in effect these robot vacuums are tiny spies inside your home, sending details about your living space and potentially your family to some centralized data store.

This must be some terrible breach, right? A mistake? Code that should never have made it to production?

Not quite:

"The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are "willingly participating" in a product improvement program."

"[...] It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs."

So, obviously, this is bad. The thing is, if any device is recording this kind of footage and sending it to a centralized datastore, it's reasonable to assume that it will eventually be compromised, either by a third party or the vendor themselves. It's not good that this is happening, but unless footage remains on your home network and never makes it to the internet, every device should be considered a security risk.

It's worth considering which devices could be quietly sending data to someone who can see them, and what implications that might eventually have. A simple rule of thumb is that if it's physically possible, someone will eventually do it.
