Can Robot Vacuum Cameras Be Hacked?

2023-08-14

man reading a magazine on a sofa in his home with an ecovacs deebot vacuum robot and omni docking station nearby

Smart watches, fridges, speakers and pet collars - more and more products are becoming ‘smart-ified’, an effect of our lives becoming more integrated and consumers showing interest in personalization and forming an identity around what their habits say about them. Robot vacuums, which are praised for being able to independently navigate, map and even stream live videos of your house all while being connected to the Internet, are one of the potential smart devices that can potentially spy on you.

What makes a smart device ‘smart’? This word has evolved from simply meaning a device can connect to the Internet or other devices, to meaning a device has sensors to allow it to interact with the real world, to meaning a device utilizes artificial intelligence to adapt to user preference or automate processes. Smart gadgets and sensors that can transmit data over a network are also sometimes called Internet of things (IoT) devices. Allowing a camera-equipped device to freely roam a home has concerned some, with critics worrying about what information the robotic vacuum cleaners capture and store.
 

Why Do Smart Vacuums Have Cameras?

 

The first robotic floor cleaner equipped with a camera was introduced to the industry in 2015. The new capabilities made possible by the camera were threefold: first, the 360-degree camera gave the device the power to recognize obstacles using computer vision - beyond simply knowing obstacles were there. Second, it helped with mapping rooms. (Robotic vacuums could already map their environment through laser-based sensors, but cameras became something that could be used in tandem with other technologies to create a more detailed map.) Third, they could be used as home security devices to check up on pets (check out DEEBOT vacuum robots for pets) or the house while away.

deebot vacuuming a hardworod floor while a smartphone with the ecovacs home app remotely monitors a pet rabbit on the screen captured by the robotic vacuum’s camera sensor
 

Today, artificial intelligence-powered smart vacuum cleaners are typically trained to recognize thousands of common household obstacles so they can navigate living spaces more efficiently and distinguish some important objects from others; think a pile of dog poop versus a crumpled cloth. This accuracy with which cameras can ‘see’ is the source of worries about robot vacuum camera privacy.
 

What Kind of Data Do Robot Vacuums Gather?

 

All smart devices collect metadata. Metadata can be environmental data, like location and acceleration of the device; it can be data related to the user’s input, like usage duration or voice commands; it can be from things your device connects to, like other device identifiers and Wi-Fi networks - all to make the user experience frictionless and more personalized.

Some robot vacuums don’t connect to the Internet, in which case privacy and security concerns are not much of a worry. But many robot vacuums create floor maps of homes and some use a camera to stream live videos for home monitoring, relying on Internet connection. In some cases, manufacturers collect data about errors, frequency of use, cleaning schedules and mapping data.

Hackers can leverage metadata to gather information and plan attacks on users. For instance, a 2020 study revealed that hackers can hack into the microphones of certain robot vacuums to listen into people’s homes.
 

Understanding Potential Risks of Robot Vacuum Spying


deebot x1 omni using 5000Pa suction to vacuum debris off of carpet in a living room
 

Yes, robot vacuum cameras can potentially be hacked if the device has limited security protocols. The security of a robot vacuum from hackers can be measured in two ways: data security (Is information encrypted? Is there two-factor authentication? Are there automatic software updates?) and data privacy (This encompasses privacy setting options and documents like privacy policies and terms of service which disclose how manufacturers collect and use data).

Unauthorized Access to Video Feeds

The first common fear about robot vacuum camera privacy is outsiders gaining unauthorized access to the device’s video feed or recordings. In a story that went viral in 2022, pictures of a female sitting on a toilet, captured by a robotic vacuum cleaner, circulated around the Internet. The manufacturer responded by saying that the image had been taken as part of the device’s training, but the fact that the image had been captured and made public left a bad taste in people’s mouths. DEEBOT robot vacuums counter hackers accessing cameras by encrypting all data gathered by the device (including videos) with the AES-128 (128-bit Advanced Encryption Standard.

Data Storage & Sharing

The second robot vacuum privacy concern is data storage and sharing, which we touched on above. Some manufacturers store metadata to train their devices in order to improve them However, some users prefer not to have any of their Personal Identifiable Information (PII) kept by companies. DEEBOT robot vacuums from ECOVACS do sometimes gather videos and images for research and development, but only when the customer agrees - when they reach out to ECOVACS for support or when they agree to join the product improvement plan, and users can opt out of this via Robot Settings - Product Improvement Plan, or ECOVAS HOME App - Mine - Settings - Privacy - Data Authorization Settings.

Third-party Access

Finally, another common concern associated with robot vacuum cleaner spying is companies selling users’ personal data to third parties. This can be used for any number of purposes, from understanding your preferences to sell you more stuff, to form marketing strategies or just for revenue. DEEBOT users can rest easy because ECOVACS provide transparency regarding personal information for the purpose of California Consumer Privacy Act (CCPA), users have the right to correct or delete their personal information, or withdraw previous consent at any time by visiting ”Do Not Sell My Personal Information” webpage at https://www.ecovacs.com/us/ccpa. Additionally, they can request to delete their personal information and photos or videos via ECOVACS HOME App : Mine-Settings-Account and Security-Cancel Account (But, take note that this may also result in the user’s profile being deleted and requiring resetting.)

How to Safely Use Robot Vacuums with Cameras


couple relaxing on a sofa in their living room as an ecovacs deebot smart vacuum cleaner vacuums beside them
 

Here are a couple of best practices to incorporate when using your smart vacuum to ease robot vacuum privacy concerns.

Strengthen Wi-Fi Security

Most modern Wi-Fi routers offer WPA2 or WPA3 encryption, which should always be enabled for robot vacuum security. Also, ensure you’ve set a strong Wi-Fi password with symbols, letters and numbers. To take it one step further, consider setting up a dedicated Wi-Fi network for your IoT devices so that even if a hacker gains access to your robot vacuum, it can’t piggyback on the connection to view other sensitive devices like your laptop or phone.

Set Strong Passwords

The Video Manager feature on the ECOVACS HOME App, available with certain DEEBOTs, can be password-protected. This and other related passwords should be unique from those used on other accounts. (A password manager app can be useful for keeping track of long, complex passwords.) Enable multi-factor authentication if the robotic vacuum cleaner or associated app supports it.

Regular Software Updates

Another way to contribute to robot vacuum security is to make sure the robotic floor cleaner has all the latest software updates installed, as these can often include security patches. It’s easiest to enable automatic updates so you don’t miss them.

Suspicious Activity Notifications

If possible, enable text or email notifications when there’s a new log-in from an unknown IP address or device. You can also monitor your robot vacuum cleaner’s activity logs if available. If there’s any suspicious activity that you don’t recognize, report this to the manufacturer.

Check Sensor Type

It’s a good practice to know what sensors your automatic vacuum cleaner has and what data they collect. These can range from camera sensors to microphones to lidar, infrared or ultrasonic sensors. Typically, you can check the user’s manual for information about the type and location of sensors on your smart vacuum. Then, you can check if the manual or manufacturer’s website states how this data is used: is it used only for navigation or also for improving product features?

deebot t8 aivi robot vacuum sensors on the top of the robot vacuum
 

Read Privacy Policies

Read the privacy policies of the auto vacuum manufacturer and companion app. Scan for information about what data is collected, how it’s used, who it’s shared with and how long it’s stored. For example, ECOVACS priorities data security by having their devices certified to comply with ETSI EN 303 645 certified TÜV Rheinland, an internationally accepted consumer IoT security standard.

Factory Reset

Finally, if you’re really concerned about manufacturers having potentially sensitive data, try factory resetting the smart device and requesting that your information be permanently deleted from manufacturers’ servers.
 

What are the Data Protection Laws?

 

On the national level at the very minimum, and sometimes down to the state level, consumers are protected by data privacy regulations and laws which lay out how individuals’ personal information should be handled. This extends to the use of camera-enabled devices in their homes as they generally cover the collection, use and disclosure of personal information obtained through such gadgets in the public and private sector.

There are multiple federal and state laws governing individual privacy in different sectors in the USA. Colorado, California and Virginia do have consumer privacy laws, and here we’ll focus on the Colorado Privacy Act (ColoPA) which become active on July 1, 2023. It states that businesses can collect and share personal data of Colorado residents but that individuals have the right to access, correct and delete this information. Companies must obtain consent prior to processing and sharing data.

ECOVACS adheres to the California Consumer Privacy Act (CCPA) which mandates users have the right to (1) request more information about the categories and specific pieces of personal data we collect, use, disclose, and sell, (2) request deletion of your personal information, (3) opt out of any ”sales” of your personal information that may be occurring, and (4) not be discriminated against for exercising these rights.
 

FAQ

 

Why does my robot vacuum have a camera?

Robot vacuums have cameras for improved room mapping, navigation and obstacle detection, wherein beyond just detecting an obstruction ahead they can actively identify what the obstruction is in real time.

Which robot vacuums have good data privacy?

DEEBOT robotic vacuum cleaners have robust data privacy. Some advanced models feature a video camera so they include additional safeguards. The video stream is encrypted using AES-128 (128-bit Advanced Encryption Standard). Access to the Video Manager feature on the app can also be password protected. DEEBOT models such as DEEBOT X1 & T10 Family have also achieved security and data protection certification through TÜV Rheinland to meet ETSI EN 303 645 standards, users can opt out of sharing data like videos or images with ECOVACS for training purposes and can also request that sensitive data be completely erased from ECOVACS’ servers.

Does my robot vacuum share my data?

Some automatic vacuum manufacturers do share data with third parties, depending on the laws and regulations of the country they’re in. Consumers can check manufacturers’ privacy policies to see if they can opt out of third-party sharing. ECOVACS takes your privacy seriously and is transparent about the type of data collected, how it’s used and protected, and how customers can request to remove it. Our policies comply with local regulations (California's CCPA), and can be found in the privacy policies on ECOVACS Official Website and ECOVACS HOME App: Settings - About - Privacy Policy.

Related Products

DEEBOTT20OMNI-1280x1280
DEEBOT T20 OMNI Robot Vacuum
A New Generation of All-in-One DEEBOT with Automatic Mop Lifting and Hot-water Mop Washing
T30S-PRO-Black-1280x1280
DEEBOT T30S PRO Robot Vacuum
ECOVACS Truly Edge-Mopping and Tangle-Free DEEBOT
DEEBOT-T10PLUS-1280x1280
DEEBOT T10 PLUS Robotic Vacuum and Mop
The all-new ECOVACS DEEBOT T10 PLUS is a premium robotic vacuum and mop cleaning system
Rates from 0–36% APR. Payment options through Affirm are subject to an eligibility check and are provided by these lending partners: affirm.com/lenders. Options depend on your purchase amount, and a down payment may be required. CA residents: Loans by Affirm Loan Services, LLC are made or arranged pursuant to a California Finance Lenders Law license. For licenses and disclosures, see affirm.com/licenses. For example, a $800 purchase could be split into 12 monthly payments of $72.21 at 15% APR or 4 interest free payments of $200 every 2 weeks.