Sucking dust and cutting grass: reversing robots and bypassing security

Dennis Giese, Braelynn Luedtke

Event: 37C3

Date: 2023/12/27

Abstract:

For the past 5 years we have been presenting ways to hack and root vacuum robots at various events like CCC and DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies.

However, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!

We will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of "Ecovacs" change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?

Learn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.

Come with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.


An updated and enhanced version of this talk was presented at DEFCON 32 and HITCON CMT 2024

DEFCON 32 (early August 2024)
HITCON CMT 2024 (late August 2024)

Live recording of the talk
Slides
Live Video Pin Bypass Demo
Link to Abstract on official event website

<-- Back to my homepage