Hobby coder accidentally creates vacuum robot army

Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes. Driven by purely playful reasons,...

CVE-2019-12820

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

CVE-2019-12821

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...

EUVD-2019-4402

Malware in sbrugna...

EUVD-2024-34389

Malicious code in bioql PyPI...

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

Robot vacuum cleaners hacked to spy on, insult owners

Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers. ABC news was able to confirm reports of this hack in robot vacuum cleaners of the type Ecovacs Deebot X2, which are manufactured in China. Ecovacs is considered the leading service...

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by...

CVE-2019-12820

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

CVE-2019-12820

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

Code injection

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...

Design/Logic Flaw

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

CVE-2019-12821

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...

CVE-2019-12821

The CVE concerns the Shenzhen Jisiwei i3 robot vacuum cleaner’s app 2.0. A QR code used to add a device to an account encodes the device ID using a predictable pattern (JSW + six digits). An attacker can generate a QR-code with a target device ID to connect an arbitrary device and gain full acces...

CVE-2019-12820

The CVE-2019-12820 entry concerns the Shenzhen Jisiwei i3 robot vacuum cleaner app 2.0 (Android/iOS). The vulnerability is that login and other personal information communications between the app and its server are sent over unencrypted HTTP, enabling a local-network MiTM attacker to capture cred...

CVE-2019-12820

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

Security Glitch in IoT Camera Enabled Remote Monitoring

Swann has patched a flaw in its connected cameras that would allow a remote attacker to access their video feeds. A research team, consisting of Andrew Tierney, Chris Wade and Ken Munro from Pen Test Partners, as well as security researchers Alan Woodward, Scott Helme and Vangelis Stykas, develop...