Hackers may just be watching you without you knowing. This is even more so if you make use of the Diqee Camera Robotic Vacuum Cleaner which is Chinese produced and sold. The camera has features such as an HD 360 degrees camera, anti-collision sound wave feature as well as night vision.
Despite the fact that it does do a great job in ensuring that the house is kept clean, Positive Technologies which is a cyber-security firm states that the device which is internet connected comes with two main vulnerabilities.
First and foremost, Hackers would be able to access the vacuum in a remote fashion and as such move the device as they please, on its own, this would definitely be considered creepy. However, they can also gain access to the camera with a view to having you watched in your own house. Without a doubt, the once awesome and helpful surveillance characteristic certainly doesn’t sound so appealing anymore.
In addition to this, an expert in cyber-security made known to ThreatPost that the said device could be used by a Botnet for the purpose of DDoS attacks or for the purpose of Bitcoin mining.
The other security challenge faced with this device is the one that has to do with the physical hacking into the device. Although it appears seemingly impossible, it can surely permit anyone who may be able to lay hands on the smart vacuum to be able to gain access to some other personal information via the WiFi network. This means that they could very well have your private data sucked up with the dirt and dust.
Who found out?
Credit for uncovering the said vulnerabilities has gone to Positive Technologies researchers George Zaystev and Kroll.
Positive Technologies has come out with a statement warning that the said vulnerabilities will also have an effect on some other Dongguan devices which make use of a similar vulnerable code. This may also include surveillance cameras, DVRs as well as smart doorbells which the company also sells.
Any info on patches?
Responsible disclosure practice was followed by positive technologies and the company was soon alerted as regards the vulnerability thus giving them enough time to rectify same. However, positive technologies have come out to say that it does not know if the same challenge has been rectified.
Any precedents?
It is on record that this is the second time that security researchers discovered a bug within a smart vacuum software which allows an attacker to gain control of the said device and intrude the privacy of the user.
Clarification has been sought for from Diqee and as time goes on, an update will be given in that regard.
However, for the meantime, it is in your best interest that you cease from making use of the device. However, if you really must clean, ensure that you are a bit more conscious of what you are up to especially when you are in front of the camera.