Key Takeaways Smart vacuums can be hacked, leading to privacy concerns. Smart vacs use beta tester images to train AI. These can end up shared online without the user's knowledge. Smart vac apps may leak private information despite end-to-end encryption. ✕ Remove Ads

Imagine for a moment you've just purchased a top-of-the-line smart vacuum. You get it home, unbox it, and set it up. But while you're kicking back, expecting to enjoy some extra free time, something sinister is transpiring.

Unbeknownst to you, hackers are quietly preparing to launch an attack on your new device. When they do, they'll secure access to the video feed provided by the vacuum. Using this feed, they'll peruse live video and images of the inside of your home -- intimate images -- maybe even images of you and your family.

Smart Vac Security Can Be Scary ✕ Remove Ads

While that scenario sounds like the plot of an A24 horror movie, the reality of smart vacuum security concerns is all too real. Privacy issues relating to robotic vacuums have increased as these smart helpers become smarter, pushing researchers to explore these privacy concerns in-depth. Some stories have landed in the news, too. The MIT Technology Review reported on a young woman exposed while using the toilet, while Australia's ABC News reported on Ecovac's smart vacuum vulnerability, allowing them to be hacked.

The research and the incidents present a compelling question: is everyone's favorite revolutionary smart device nothing more than a huge security risk? The answer is both scary and complicated.

Is Your Smart Vac Spying on You? ✕ Remove Ads

The MIT Technology Review article, published in December 2022, brought a sobering revelation to many smart home vacuum owners. The story reported that 15 photos taken by iRobot's Roomba J7 series robot vacuum had been shared across the internet. The MIT Technology Review eventually acquired these photos, and among them were intimate images of a woman using the toilet.

After the story broke, iRobot addressed the images, stating they were taken by "special development robots with hardware and software modifications that are not and never were present on iRobot consumer products for purchase." While that may comfort some, it can't be ignored that eventually, the images wound up on the internet.

Some shots were innocuous, only showing rooms, walls, and furniture. But others were a bit more questionable. In many of them, the user's faces were visible. One of the photos even showed every parent's nightmare: the face of a minor child caught staring bemusedly at the robot vacuum.

✕ Remove Ads Smart Vacs Use Beta Tester Images to Train AI

These types of photos are commonly used to help train the onboard AI for smart devices. However, they're almost always locked down and privately uploaded to the cloud. But in the case of the 15 photos submitted to the MIT Technology Review, these photos were accessed and subsequently recirculated by Venezuelan gig workers to an online forum. It's terrifying to think about, especially when you consider the sharing of these photos may not have been an isolated incident.

Many companies, like iRobot, attempt to improve the AI performance of their newest smart vacs by relying on beta testers to help train their artificial intelligence systems. Often, these testers consent to images being captured and uploaded to company servers without the understanding that they could wind up elsewhere.

✕ Remove Ads

iRobot, for example, is accused of sharing data collected by test users to its global data supply chain, as per the MIT Technology Review. Where every image could be seen, and even annotated, by overseas contractors. If those contractors decide to share images or take screenshots, personal photos could be exposed to unexpected corners of the internet. That's precisely what seems to have happened when the 15 iRobot photos surfaced.

Smart Vacs Can Access Private Information

But beta testing isn't the only security risk. Smart vacuums can also be subject to vulnerabilities presented by the apps that control them. Researchers at the Department of Information Security and Communication Technology [PDF] in Norway concluded that even if a smart app claims end-to-end encryption, there is still the potential for personal details to be stolen.

✕ Remove Ads

During the study, researchers used a simple Raspberry Pi equipped with Wireshark, an open-source packet analyzer, to capture between 8% and 26% of smart vacuum network traffic, while the study concluded:

Despite the implementation of end-to-end encryption by manufacturers to protect user data, our findings demonstrate that unencrypted network header metadata can still expose private and sensitive information

That means your personal information may not be as safe as you think regarding your smart vacuum.

This type of "packet sniffing" isn't common. However, it's easily accomplished with commercially available devices like the Raspberry Pi and Flipper Zero.

Smart Vacs Can Be Hacked ✕ Remove Ads

Probably the most concerning aspect of smart vacuum security, however, is the likelihood of your smart vacuum being taken over by hackers. That's just what happened in early 2024 when cyberattacks compromised several Ecovacs brand smart vacuums during a security breach (as per PC Mag).

In a move straight out of the 1980s classic movie Maximum Overdrive, one of the vacuums rolled into a living room and began shouting racist obscenities at the owners. Another chased a family's dog around the house. This behavior sets a grim precedent that opens the door for more nefarious types of hacking to occur.

Furthermore, as detailed earlier, in October 2024, cybersecurity researchers took control of an Ecovacs Deebot X2 device. Once the device was compromised, the researchers found they could control it from anywhere in the world. We recently reviewed the Ecovacs Deebot X2 combo and found its performance impressive. However, the device's security does raise a few lingering concerns.

✕ Remove Ads Should You Ditch Your Smart Vac?

Like many questions, the answer here is: it depends. While it's easy to believe your smart vacuum isn't prone to security risks, the truth is anything connected to the internet could be a potential weak point inviting exploitation. But that doesn't mean you should just toss out your expensive smart vacuum and return to using your upright.

The decision ultimately comes down to whether you're willing to trade potential device security for the convenience of less time spent cleaning your home. Many people might be willing to make this trade-off, especially if they haven't had problems in the past.

But for those who maintain a water-tight level of security on their home networks or who desire more than the average amount of privacy, you may want to think twice before introducing a smart vacuum into your home.

✕ Remove Ads