When I heard about this little gem on ABC news, I was 100% sure you guys would appreciate this.
Because what should be the most innocent thing in your house, your robovac, you know, that little disk of joy mindlessly bumping into furniture while you’re trying to watch Netflix.
Well, plot just twisted in a gnarly way… it has gone rogue, and not in the cool, Terminator-style way.
Nooooo, hackers that decided the future needed a new low point, and they’re using your robovac to chase your dog while hurling slurs.
This, folks, is hacking 2024 style.
😹
Before we start!
If you like this topic and you want to support me:
- Comment on the article; Google appreciates that and it will really help spread the word 📢
- Connect with me on Linkedin 🔗
- Subscribe to TechTonic Shifts to get your daily dose of tech 💉
Stuff your credentials elsewhere
Let’s start with the official excuse from Ecovacs, who are the builders of the Deebot X2 Omni.
They called this little mishap a “credential stuffing event”.
A what stuffing?
The only stuffing I know is that of a turkey during Thanksgiving!
Oh, of course… credential stuffing. A little sprinkling of hacker magic, and poof, your robovac’s turned into a racist Roomba with a vendetta against your pets.
Lemme explain what happened:
TL;DR (without the yada yada crap): Credential stuffing is hackers recycling your old login details across various websites, hoping you’ll be too lazy to use different passwords.
A “credential stuffing event” sounds fancy, but it’s basically a buffet for a lazy hacker.
It starts with our hacker buddies getting their greasy, chips- and pizza crumbs hands on a list of usernames and passwords that were stolen or leaked from some random website. Now, instead of cracking into one account at a time, they take these credentials and try them on multiple other websites.
It’s a bit like how you test spaghetti … you throw it at the wall to see what sticks.
Why does this work you would ask yourselves…
Well, it works because people (guilty as charged!) tend to use the same password across multiple accounts. So, if hackers find your email and password from a low-security site, they will try the same combo on your bank account, social media, Netflix, and … yes, even your robosuck’s app.
And when they get in, boom!!!
Your robot vacuum is suddenly under new management.
What’s next?
Will my fridge start giving me dietary advice?
Apparently, everything with a Wi-Fi connection is out for blood these days !
Stories of home horror
ABC News talked to some poor souls who witnessed their vacuum turn into a stalking friday the 13th villain.
For instance, there was this guy, Daniel Swenson, he is a lawyer from Minnesota. Dude was just trying to enjoy some family TV time when his vacuum started making noises like a broken-up radio signal. Imagine the horror….Netflix and chill, and suddenly static ghost whispers coming from your appliance.
Classic Evil Dead Horror.
He tried resetting the vacuum, as any sensible dude would (I would go for the kill, or at least Emergency Repair Procedure number 1: 🔨 ). But after that things only got worse. Now, instead of creepy static, he got a full-blown teenage hacker foul mouthing 🤬🤬🤬 through the robovac’s speaker.
I mean, sure, goblins are annoying, but through your vacuum?
That’s some next-level trolling, peeps!
In anther part of the world: Los Angeles, some other evil genius decided to have the Deebot chase a dog.
🧟♀️🐩 😱
Yep. Picture it…. FooFoo minding his business when the vacuum goes full psycho and starts yelling at it.
That’s the kind of trauma no doggy obedience class will ever fix.
Ecovacs’ response: Uhhh, we blocked an IP address.
In a stunning display of corporate mea culpa, the guys at Ecovacs, issued a statement that said they identified the hacker’s IP address and blocked it.
………… 😕 🤔 🙋
Great work guys.
Because that always solves everything, right..
Ever heard of VPN, or proxy servers, or just plain ol’ internet cafe’s…
They also added a “there’s no evidence, but maybe usernames or passwords were stolen” to the app.
Oh, phew.
So your passwords are fine, but your vacuum is still a racist jerk.
Cool, cool.
But don’t worry, they promise to “further enhance security” with an update in November.
Translation: they are patching this thing after your vacuum terrorized your entire household. But hey, we’ll get to it in sprint number 49.
Super comforting.
A trend of smart-home disasters
This isn’t even the first time some smart home gadget decided to go rogue.
If you’re old enough like me (just read my LinkedIn page, and Infer – yes that’s also an AI term… and while you’re at it, just hit connect), you probably remember that fun time when security cameras were showing you other people’s living rooms as a “surprise feature”?
I had a great time watching other people until I realized that my feed was showing up elsewhere…
Yeah, smart devices can be real team players like that. And now, you can add racist robovacs to the list.
Half of these gadgets are connected to the cloud, so if hackers want to mess with your home, well, they probably just need your half-baked password and a few minutes.
This is what happens when companies are more interested in adding Bluetooth capabilities to a vacuum than, you know, making sure it doesn’t harass your pets.
Passwords that n@@bs use
Do you feel like this is about you, don’t get angry, do some introspection instead….
Because when it comes to password conventions, the “bare minimum” crowd really shines.
You’ve got the standard StreetName+Number+!
Because nothing screams more “unhackable” than “ElmStreet101” (adding an exclamation point is basically cybersecurity, right?).
Then you have Birthday+!, where using “Marco1990! (I wish)” is the digital equivalent of leaving your keys under the doormat.
And for the more creative types, you see the classic FirstName+123 or PetName+Year, as if “Buddy2019” is some kind of cryptic code.
And for those who really want to roll the dice, there’s always “Password!”, or MAGA2020! That’s an option that’s about as effective as locking your front door and leaving the key in the lock.
Now, let’s double down on the insanity.
Some people truly believe that switching up their PetName and Year for every account makes them hacker-proof. So, you get gems like “Fluffy2018” for Netflix and “Fluffy2019” for email, as if this minor tweak throws off the hacker gods.
Oh, and don’t forget the FavoriteTeam+Year! approach, because “cybersecurity” like “Yankees2021!”, is king, especially when half the planet is rooting for the same team.
What other people besides me are saying
One Twitter user, @PetDramaQueen, tweeted:
“My robovac just chased my cat for 15 minutes while screaming obscenities. This is not what I signed up for when I paid $800 for this thing!”
Another user, @VacuumedLife, hooked in, “What’s next? My fridge telling me to order pizza in a rude tone? Thanks, hackers. #Blessed.”
And the best one: Someone in a Reddit thread flung this into the air, “My Deebot vacuum is officially more aggressive than my toddler. At least it doesn’t throw LEGOs at my feet… yet.”
So, what have you learned today?
Knowing you guys, not pretty much, but the one thing that probably stuck is that hackers have waaay too much time on their hands and robovacs are their newest playthings.
If your vacuum starts following your dog around while spewing profanities, just remember: it’s 2024, and this is the future we’re living in.
It’s our home, but their playground !
So go ahead, reboot it and reset your password for the tenth time.
That’ll totally fix it…
Until the next hack…
….and if you wonder how this would sound in Russian: Do sleduyushchego vzloma
….or North Korean: Da-eum haekingkkaji
Signing-off Marco
Well, that’s a wrap for today. Tomorrow, I’ll have a fresh episode of TechTonic Shifts for you. If you enjoy my writing and want to support my work, feel free to buy me a coffee ♨️
Think a friend would enjoy this too? Share the newsletter and let them join the conversation. Google appreciates your likes by making my articles available to more readers.
Leave a Reply