Can Robot Vacuum Cameras Be Hacked?

2023-10-03

man reading a magazine on a sofa in his home with an ecovacs deebot vacuum robot and omni docking station nearby

Smart watches, fridges, speakers and pet collars - more and more products are becoming ‘smart-ified’, an effect of our lives becoming more integrated and consumers showing interest in personalisation and forming an identity around what their habits say about them. Robot vacuums, which are praised for being able to independently navigate, map and even stream live videos of your house all while being connected to the Internet, are one of the potential smart devices that can potentially spy on you.

What makes a smart device ‘smart’? This word has evolved from simply meaning a device can connect to the Internet or other devices, to meaning a device has sensors to allow it to interact with the real world, to meaning a device utilises artificial intelligence to adapt to user preference or automate processes. Smart gadgets and sensors that can transmit data over a network are also sometimes called Internet of things (IoT) devices . Allowing a camera-equipped device to freely roam a home has concerned some, with critics worrying about what information the robotic vacuum cleaners capture and store.

Why Do Smart Vacuums Have Cameras?

The first robotic floor cleaner equipped with a camera was introduced to the industry in 2015 . The new capabilities made possible by the camera were threefold: first, the 360-degree camera gave the device the power to recognise obstacles using computer vision - beyond simply knowing obstacles were there. Second, it helped with mapping rooms. ( Robotic vacuums could already map their environment through laser-based sensors, but cameras became something that could be used in tandem with other technologies to create a more detailed map.) Third, they could be used as home security devices to check up on pets (check out DEEBOT vacuum robots for pets ) or the house while away.

deebot vacuuming a hardworod floor while a smartphone with the ecovacs home app remotely monitors a pet rabbit on the screen captured by the robotic vacuum’s camera sensor

Today, artificial intelligence-powered smart vacuum cleaners are typically trained to recognise thousands of common household obstacles so they can navigate living spaces more efficiently and distinguish some important objects from others; think a pile of dog poop versus a crumpled cloth. This accuracy with which cameras can ‘see’ is the source of worries about robot vacuum camera privacy.

What Kind of Data Do Robot Vacuums Gather?

All smart devices collect metadata. Metadata can be environmental data, like location and acceleration of the device; it can be data related to the user’s input, like usage duration or voice commands; it can be from things your device connects to, like other device identifiers and Wi-Fi networks - all to make the user experience frictionless and more personalised.

Some robot vacuums don’t connect to the Internet, in which case privacy and security concerns are not much of a worry. But many robot vacuums create floor maps of homes and some use a camera to stream live videos for home security or checking up on pets, relying on Internet connection. In some cases, manufacturers collect data about errors, frequency of use, cleaning schedules and mapping data.

Hackers can leverage metadata to gather information and plan attacks on users. For instance, a 2020 study revealed that hackers can hack into the microphones of certain robot vacuums to listen into people’s homes.

Understanding Potential Risks of Robot Vacuum Spying

deebot x1 omni using 5000Pa suction to vacuum debris off of carpet in a living room

Yes, robot vacuum cameras can potentially be hacked if the device has limited security protocols. The security of a robot vacuum from hackers can be measured in two ways: datasecurity (Is information encrypted? Is there two-factor authentication? Are there automatic software updates?) and data privacy (This encompasses privacy setting options and documents like privacy policies and terms of service which disclose how manufacturers collect and use data).

Unauthorized Access to Video Feeds

The first common fear about robot vacuum camera privacy is outsiders gaining unauthorised access to the device’s video feed or recordings. In a story that went viral in 2022, pictures of a female sitting on a toilet, captured by a robotic vacuum cleaner, circulated around the Internet. The manufacturer responded by saying that the image had been taken as part of the device’s training, but the fact that the image had been captured and made public left a bad taste in people’s mouths. DEEBOT robot vacuums counter hackers accessing cameras by encrypting all data gathered by the device (including videos) with the AES-128 (128-bit Advanced Encryption Standard.

Data Storage & Sharing

The second robot vacuum privacy concern is data storage and sharing, which we touched on above. Some manufacturers store metadata to train their devices in order to improve them However, some users prefer not to have any of their Personal Identifiable Information (PII) kept by companies. DEEBOT robot vacuums from ECOVACS do sometimes gather videos and images for research and development, but users can opt out of this.

Third-party Access

Finally, another common concern associated with robot vacuum cleaner spying is companies selling users’ personal data to third parties. This can be used for any number of purposes, from understanding your preferences to sell you more stuff, to form marketing strategies or just for revenue. DEEBOT users can rest easy because they can request to delete their personal information and photos or videos from ECOVACS’ servers. (But, take note that this may also result in the user’s profile being deleted and requiring resetting.)

How to Safely Use Robot Vacuums with Cameras

couple relaxing on a sofa in their living room as an ecovacs deebot smart vacuum cleaner vacuums beside them

Here are a couple of best practices to incorporate when using your smart vacuum to ease robot vacuum privacy concerns.

Strengthen Wi-Fi Security

Most modern Wi-Fi routers offer WPA2 or WPA3 encryption, which should always be enabled for robot vacuum security. Also, ensure you’ve set a strong Wi-Fi password with symbols, letters and numbers. To take it one step further, consider setting up a dedicated Wi-Fi network for your IoT devices so that even if a hacker gains access to your robot vacuum, it can’t piggyback on the connection to view other sensitive devices like your laptop or phone.

Set Strong Passwords

The Video Manager feature on the ECOVACS HOME app , available with certain DEEBOTs, can be password-protected. This and other related passwords should be unique from those used on other accounts. (A password manager app can be useful for keeping track of long, complex passwords.) Enable multi-factor authentication if the robotic vacuum cleaner or associated app supports it.

Regular Software Updates

Another way to contribute to robot vacuum security is to make sure the robotic floor cleaner has all the latest software updates installed, as these can often include security patches. It’s easiest to enable automatic updates so you don’t miss them.

Suspicious Activity Notifications

If possible, enable text or email notifications when there’s a new log-in from an unknown IP address or device. You can also monitor your robot vacuum cleaner’s activity logs if available. If there’s any suspicious activity that you don’t recognise, report this to the manufacturer.

Check Sensor Type

It’s a good practice to know what sensors your automatic vacuum cleaner has and what data they collect. These can range from camera sensors to microphones to lidar, infrared or ultrasonic sensors. Typically, you can check the user’s manual for information about the type and location of sensors on your smart vacuum. Then, you can check if the manual or manufacturer’s website states how this data is used: is it used only for navigation or also for improving product features?

deebot t8 aivi robot vacuum sensors on the top of the robot vacuum

Read Privacy Policies

Read the privacy policies of the auto vacuum manufacturer and companion app. Scan for information about what data is collected, how it’s used, who it’s shared with and how long it’s stored. For example, ECOVACS priorities data security by having their devices certified to comply with ETSI TS 303 645, an internationally accepted consumer IoT security standard.

Factory Reset

Finally, if you’re really concerned about manufacturers having potentially sensitive data, try factory resetting the smart device and requesting that your information be permanently deleted from manufacturers’ servers.

What are the Data Protection Laws?

On the national level at the very minimum, and sometimes down to the state level, consumers are protected by data privacy regulations and laws which lay out how individuals’ personal information should be handled. This extends to the use of camera-enabled devices in their homes as they generally cover the collection, use and disclosure of personal information obtained through such gadgets in the public and private sector.

Australian consumers are protected by the Privacy Act 1988 which states that individuals must be informed about the purpose behind collecting their personal information. Individuals also have the right to access and correct it. Furthermore, companies are required to take reasonable steps to protect user’s information from unauthorised access, misuse or interference.

ECOVACS adheres to the General Data Protection Regulation (GDPR) in the EU which mandates organisations obtaining consent for data processing and sharing, grants individuals the right to access, correct and permanently erase personal info, and also mandates hefty fines for non-compliance.

FAQ

Why does my robot vacuum have a camera?

Robot vacuums have cameras for improved room mapping, navigation and obstacle detection, wherein beyond just detecting an obstruction ahead they can actively identify what the obstruction is in real time.

Which robot vacuums have good data privacy?

DEEBOT robotic vacuum cleaners have robust data privacy. All data collected by the devices are encrypted with AES-128 encryption, users can opt out of sharing data like videos or images with ECOVACS for training purposes and can also request that sensitive data be completely erased from ECOVACS’ servers.

Does my robot vacuum share my data?

Some automatic vacuum manufacturers do share data with third parties, depending on the laws and regulations of the country they’re in. Consumers can check manufacturers’ privacy policies to see if they can opt out of third-party sharing.

Related Products

DEEBOT-X1TURBO-1280x1280
DEEBOT X1 TURBO
Multi-function vacuum and mopping expert with 4-stage deep cleaning system to tackle stubborn stains
DEEBOT-T10PLUS-1280x1280
DEEBOT T10 PLUS
Premium cleaning robot with mop with AI-based obstacle avoidance, object recognition, and camera
131129_7652-033831_6111-DEEBOTT20OMNI-1280x1280
DEEBOT T20 OMNI
3-in-1 smart cleaning robot with vacuum, sweep, mop, hot-water washing, and drying features