Security researchers Dennis Giese and Braelynn have discovered that malicious hackers can exploit vulnerabilities in Ecovacs vacuum and lawn mower robots to spy on their owners using the devices’ cameras and microphones.

The researchers found that Ecovacs robots can be hacked via Bluetooth, allowing hackers to remotely activate the cameras and microphones. Despite reporting the vulnerabilities to Ecovacs, the company has not responded, leaving users at risk of being spied on by hackers.

Mainly, the vulnerability lies in the ability for hackers to connect to and take control of an Ecovacs robot from up to 450 feet away via Bluetooth, and then establish a remote connection to access the device's cameras, microphones, and other functions. The researchers warn that once compromised, the robots can function as spies without the owners' knowledge.

In addition to the spying capabilities, the researchers also found other security flaws in Ecovacs devices, such as the storage of user data on cloud servers even after an account is deleted, and plaintext storage of PIN codes on lawn mower robots. They caution that once a single Ecovacs robot is compromised, other nearby Ecovacs devices are also at risk of being hacked.