If you’ve seen a movie where the camera angle is pointed up from the ground, you can imagine what your smart vacuum sees and chuckle a little at the idea. However, if there’s a stranger watching you from any angle, that’s no laughing matter.
The camera mounted to the Trifo Ironpie robot vacuum is designed as a security device but happens to be entirely unsecure from potential hackers.
A cybersecurity firm Checkmarx has identified multiple vulnerabilities with the internet connected smart vacuums, the worst “would allow remote attackers to access users’ video streams by accessing Trifo’s servers.” Hackers could also “send a fake software update to the vacuum’s app, tricking users into downloading malicious software.”
Another “neat” trick (we’re kidding), is if hackers get close enough to a user’s wi-fi, they hack hijack the device and control its movements, viewing any accessible area of the home.
Unencrypted data is also a flaw the Ironpie vacuums can add to their list of vulnerabilities, leaving their information free to view if intercepted, providing a map of the house – which could be dangerous in the wrong hands.
The flaws have not been fixed despite multiples attempts to contact the company for comment, unfortunately leaving these devices open for exploitation.
Erez Yalon of Checkmarx, who contributed to this research, explains that as new IOT devices are connected each, “can open users to a host of security issues.” There are countless devices with accessible cameras and microphones brought into homes every year, and not everyone understands the dangers that come with it.
Not all software powering these devices are secure, leading to hijacked security cameras, children’s toys, and now smart vacuums.
These accessible video streams are a common problem in IOT devices, especially when passwords protecting them are easy to guess or have been compromised and exposed in a data breach.
The lack of security is in part due to the rush by manufacturers to meet demands for these smart devices and is one of the biggest problems the industry is facing.
Customers can opt to cover the camera, but is that a satisfactory fix? Not in our book.
If you need assistance with cybersecurity services, contact DarkHound at [email protected]
Image Source: https://www.pexels.com/photo/round-robot-vacuum-844874/