If you think your robot vacuum is watching you, you might not be wrong

Robot vacuum at work at home generated by Adobe Firefly AI
(Image credit: Adobe Firefly)

Sometimes I look at my robot vacuum and wonder if it knows how much I like it. I do not ponder if it's staring back at me, thinking...well...who knows what? If I owned an Ecovac robot vacuum, though, that might be all I was thinking about and, soon, throwing a blanket over its potentially rapacious camera.

According to a new report and the work of long-time robot vacuum hackers, some Ecovac vacuums can, with some skill but no physical access, be hacked, giving would-be attackers access to all onboard systems and sensors, including the camera.

It's a simple and somewhat unnerving tale: An ABC Australia news reporter, Julian Fell, followed up on reports that some Ecovac vacuums could be hacked and was soon, with the permission of an Ecovac owner, hacking a robot vacuum in the safety of his news site's offices.

Not a hacker himself, Fell worked with cybersecurity researcher Dennis Giese who (along with collaborators Braelynn Luedtke and Chris Anderson) discovered the hack and has spent years researching robot vacuum vulnerabilities. Via email, Giese told me he's researched most of the major robot vacuum manufacturers, including Neato and iRobot. "Ecovacs is a bit unlucky this year, as I usually swap the vendor every year. Next year, it might hit a different vendor."

Giese developed a payload and all Fell had to do was stand outside his offices, connect to the robot vacuum via Bluetooth, and download Giese's encrypted payload to it. That triggered a function in Ecovac's vacuum, which led to it downloading a script from Giese's server and then executing it. Within moments, both Fell and Giese had access to the robot vacuum's camera feed. They could see what it saw and, more chillingly, were able to, according to the report, use the speaker to send a message to the Ecovac's owner: "Hello Sean, I’m waaaatching you.”

At no point during this process did the robot vacuum indicate that it was under outside control.

Ecovac's POV

When contacted about the Hack story, Ecovacs sent me this response:

"ECOVACS places the highest priority on data security and customer privacy. To address some security issues raised over the last several months, the ECOVACS Security Committee initiated an internal review process of network connections and data storage. As a result, we have enhanced product security across multiple dimensions, and will continue to strengthen system security in upcoming updates."

This differed slightly from what the company told TechCrunch in August. Back then, it mentioned the internal review process but also said consumers had little to worry about, claiming in the statement to TechCrunch, "Security issues pointed out by Giese and Braelynn are extremely rare in typical user environments and require specialized hacking tools and physical access to the device. Therefore, users can rest assured that they do not need to worry excessively about this."

While Ecovac was likely right about the programming tools, I asked Giese about the "physical access" claim since Fell's report detailed how he used only a Bluetooth connection from outside his office and the payload on his phone to hack the vacuum.

Giese told me that there are many different vulnerabilities, but for the one that Fell hacked, "You only need a phone and the magic payload. No physical access, you do not even need to know where the robot is, who it belongs to, or what kind of model it is. If you are in range, you can do it."

Giese first told Ecovacs about the vulnerability in December 2023 and told Fell that the company initially didn't even respond to the message. Giese, though, is not a Black Hat hacker and has no plans to release the details of the hack to the public. In fact, he has no particular beef with Ecovacs.

"Ecovacs was just unlucky this year...I am not super focused on Ecovacs and would have moved on by now if the problems were fixed."

"It appears that I 'bite' into that company and want to damage them, but that's not true. I am not super focused on Ecovacs and would have moved on by now if the problems were fixed," said Giese.

He added that he doesn't necessarily blame Ecovacs for these and other robot vacuum vulnerabilities. He claims that the company paid to get the proper certifications. "Ecovacs is also a victim here. They paid money to someone that was expected to certify them according to a standard (ETSI xxxx). There were a lot of things that should have been found (e.g. the SSL issues), but they were not."

As for what you should do if you own an Ecovacs robot vacuum: Start with making sure all your software is up-to-date. Ecovacs may not agree this is a dangerous vulnerability, but Ecovacs did tell us, "We have enhanced product security across multiple dimensions," which sounds like software updates to me.

In the meantime, you could do as the original Ecovacs consumer did and put a blanket over the robot vacuum camera when it's not in use.

You might also like

Lance Ulanoff
Editor At Large

A 38-year industry veteran and award-winning journalist, Lance has covered technology since PCs were the size of suitcases and “on line” meant “waiting.” He’s a former Lifewire Editor-in-Chief, Mashable Editor-in-Chief, and, before that, Editor in Chief of PCMag.com and Senior Vice President of Content for Ziff Davis, Inc. He also wrote a popular, weekly tech column for Medium called The Upgrade.

Lance Ulanoff makes frequent appearances on national, international, and local news programs including Live with Kelly and Mark, the Today Show, Good Morning America, CNBC, CNN, and the BBC. 

Read more
Robot vacuum with legs (left), one carrying a tray of food (centre) and one with a robotic arm (right)
Tiny feet, bionic arms, and bots that can deliver a sandwich – 6 weird and wonderful robot vacuum innovations from CES 2025
Roborock Saros Z70 robot vacuum picking up a sock with its pincer arm
I've seen most of 2025’s flagship robot vacuums and let me tell you, things are about to get weird
Dreame L40 Ultra (left) and D-shaped Dyson 360 Vis Nav robot vacuums (right)
5 overdue robot vacuum innovations I want to see in 2025
SwitchBot K20+ Pro
This robot vacuum can also bring you a sandwich, and it might be the greatest gadget we've seen yet at CES
Woman setting up air fryer using phone
Your air fryer might be sharing your private data – here's how you can protect yourself now
iRobot Roomba Combo 405 Plus
iRobot's understated new fleet of Roombas nails what I actually want from a robot vacuum
Latest in Robot Vacuums
iRobot Roomba Combo 205
This new Roomba finally solves the big problem I have with robot vacuums
Roborock Q5 Pro+ robot vacuum on a rug
I tested one of the cheapest Roborock robovacs and it still offers excellent vacuuming
iRobot Roomba Combo 405 Plus
iRobot's understated new fleet of Roombas nails what I actually want from a robot vacuum
Roomba poking out from under a chair
iRobot is overhauling its robovac range, and for the first time in years I'm excited about a new Roomba
iRobot Roomba Vac Robot Vacuum Q0120 with iRobot app displayed on green background with TechRadar don't miss sign
This cheap entry-level Roomba robot vacuum is now almost 50% off at Amazon
Roborock robot vacuum next to a Big Savings graphic
How to buy a cheap robot vacuum in the Presidents' Day sales – 5 shopping tips from a deals expert
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over