Ecovacs robot vacuum spies in your own home


Comments on the following post: Ecovacs robot vacuum spies in your own home

I'm of the opinion that all robot vacuums spy in your own home. Especially the Chinese models. But fortunately there are also ways to prevent this. I now only run the "Dream robot vacuum" locally.

Pretty cool project: GitHub - Hypfer/Valetudo: Cloud replacement for robot vacuums that enables purely local operation

ECOVACS ROBOTICS Statement: Data Security Issues, Facts and Action

ECOVACS places the highest priority on data security and customer privacy. To address the issues raised by Dennis Giese and Braelynn, the ECOVACS Security Committee has initiated an internal review process of network connections and data storage. After the comprehensive internal review, it has been concluded that identified security issues are extremely rare within regular user environments and require professional hacking tools and physical contact with the device. Therefore, users can rest assured that they do not need to worry excessively about this. Nevertheless, we will continue to proactively improve our products based on our review findings, as we have always done.

Here are the related facts and the actions we will take:

#Issue 1

Giese and Braelynn point out the Bluetooth connection has potential security vulnerabilities because it adopts a PIN verification scheme when Bluetooth is continuously turned on, which is relatively weak in terms of security in professional fields.

If the Bluetooth connection is hacked and the PIN code leaked, users could face risks such as unauthorized control of the camera and microphone, as well as the potential theft of map data, log data, user Wi-Fi passwords, and other sensitive information.

#Fact
Breaking through the PIN code verification of the Bluetooth connection requires being within the Bluetooth coverage area of the device and using specialized hacking tools. We deem this as a hacking method in technical defensive and offensive actions, but it is not something that would typically occur in daily life. We believe it is illegal to use this method to compromise other users’ devices.

#Action
ECOVACS will enhance the security of its products’ Bluetooth connections by implementing technical measures, such as restricting second account logins, strengthening the second verification process for Bluetooth device connections, and requiring physical operations to complete Bluetooth pairing.

#Issue 2

Giese and Braelynn point out some ECOVACS products have potential security risks related to data storage. After resetting the device, the data on the device is not completely erased, and after deactivating the account, the cloud data is not immediately removed, which could be exploited by hackers.

#Fact

In real-world scenarios, when a consumer resets a device, the maps, logs, and settings stored on the device are cleared. Some products retain offline log information to diagnose occasional offline issues. If a user deactivates their account, ECOVACS anonymizes related product usage data on the cloud. Our devices would be hacked only with specialized hacking tools to access device log information, and allow viewing cloud data within the seven-day validity period only when the cloud access tokens were cracked.

#Action
ECOVACS is committed to enhancing product security through software updates, activating a real-time token invalidation mechanism, increasing the difficulty of obtaining tokens, and clearing logs after reset to ensure data security. We will also remind users to reset their devices before transferring them to others to prevent data leakage.

Other Issues and actions

Regarding other issues raised by Giese and Braelynn, such as the lack of TLS certificate verification, network access security policy, remote code execution vulnerabilities, and real-time cameras’ access authentication, we plan to strengthen system security in upcoming product updates. These measures will include firmware package encryption, secure boot, TLS certificate validation, and file encryption.

ECOVACS has already enhanced product security across multiple dimensions, including system login, file format, verification methods, and protocols.

Our Viewpoints

ECOVACS respects the practice of security experts who identify potential vulnerabilities through research and proactively share their findings with companies. We believe that the interaction between security experts and companies, through offensive and defensive testing and the publication of results, contributes to the improvement of product security.

ECOVACS has always prioritized product and data security, as well as the protection of consumer privacy. We assure customers that our existing products offer a high level of security in daily life, and that consumers can confidently use ECOVACS products.

Should you have any inquiries, please contact us via email: press@ecovacs.com

Hi, does this work with every robot or only with certain ones? I haven't read anything about that.

Every robot vacuum can of course vacuum, but that's about it as far as the technical details are concerned.