According to foreign media reports, a 360-camera intelligent sweeping robot with a security function produced by a Chinese brand has security vulnerabilities and may be attacked by hackers, thereby manipulating the robot to check the privacy of the user's home.
While some high-end robotic vacuum cleaners, such as the iRobot Roomba 980, use cameras to help them move more easily at home, Diqee uses a camera to turn the device into a safety monitoring system. When the vacuum cleaner is charging or walking at home to clean the carpet, the user can pass the camera Remotely view the situation at home.
However, security researchers now find that the robot has two security vulnerabilities that make it vulnerable to attack. The first vulnerability allows hackers to have superuser privileges on the device and remotely control them to move at home, which is a bit creepy. The second vulnerability allows hackers to view the video content captured by the camera.
Researchers at Boston-based international network security company Positive Technologies have discovered the vulnerability, which is said to affect other products manufactured by Diqee, such as video doorbells and security cameras and devices it produces for other brands.
Leigh-Anne Galloway, head of the company's Cyber Security Resilience division, said: 'As with any other IoT device, these robots may be grouped into botnets for DDoS attacks, but this is not even the worst for the owner. Because the machine has Wi-Fi capability, and with a night vision webcam and a smartphone-controlled navigation system, an attacker could secretly monitor the user's privacy.
Positive Technologies explains how to remotely obtain 'superuser privileges' and does not require physical access to the machine, and the default login username uses 'admin' and the password uses '888888', making this process much easier.
However, in order to control the camera, the hacker needs physical access to the bot, and there is enough time to install the SD card without 'no digital security check', and restarting the device will cause it to perform a software update, deliberately installing the malware without performing any checks.
After that, the hacker can control the movement of the robot, access its camera, and attack other devices on the same Wi-Fi network. Of course, the vulnerability is relatively less harmful.
In October 2017, security researchers from Check Point discovered similar vulnerabilities in Sweepers made by LG. Hackers can control Hom-Bot devices and access real-time video streams from their cameras. This vulnerability may also affect LG's ThinQ. The smart home system can also control other connected devices, such as smart dishwashers and washing machines.