Overview
Explore the security vulnerabilities and privacy concerns of Ecovacs robots in this DEF CON 32 conference presentation. Delve into the world of smart home robotics as security researchers Dennis Giese and Braelynn Hacker reveal their findings from extensive reverse engineering of market-leading Ecovacs devices. Learn about critical security flaws including broken encryption, missing TLS certificate verification, honor-system based access controls, remote code execution vulnerabilities, ineffective factory resets, and unauthorized camera access. Understand the challenges of responsible vulnerability disclosure, the limitations of third-party certification agencies, and the implications for user privacy. Discover methods for rooting these devices to implement privacy-preserving modifications while gaining insights into the broader security landscape of smart home robotics. Building on 5 years of vacuum robot hacking research previously focused on Roborock, Dreame, and Xiaomi devices, gain practical knowledge about securing smart home devices and protecting against potential surveillance risks.
Syllabus
DEF CON 32 - Reverse engineering and hacking Ecovacs robots - Dennis Giese, Braelynn Hacker
Taught by
DEFCONConference