About the Speaker

Hackers take control of robot vacuums in multiple cities, yell racial slurs". This ABC news (Australia) article sparked a huge media outrage. Many international outlets and influencers were talking about the incidents. Even the stock of ECOVACS took a hit. They are one of the leading vendors in smart home robot products with over 28 million customers.

Today, robots have cameras, microphones and a lot of computational power. If these devices are compromised, it has a huge impact on user privacy. Surprisingly, vulnerabilities stay undetected for a long time.

A number of people in the US were impacted by the hack. Victims reported on Reddit that the robots were driving around, chasing pets and were shouting racial slurs. Media picked up the story, there were a lot of speculations, and many users panicked. Our biggest worry: has our published work been used for bad things?

In this talk, we will talk about our research, the methods we used, our findings and share clarifying background information. We will discuss the timeline of incidents, what really happened, how bad the incidents really were and the aftermath. How can these problems be prevented and how can we as researchers can make sure that our work is not abused? Additionally, we will also talk about unreleased vulnerabilities, which we did not disclose publicly yet.

Dennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a "robot collector" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon, HITCON, NULLCON, and DEFCON.