Security Researchers Find Smart Camera That Really Does Suck

Security researchers found a string of vulnerabilities in an improbable place — a smart vacuum cleaner equipped with a camera. One of the attack vectors allowed hackers to take control of the camera’s live feed.

The Internet of Things (IoT) is home to all kinds of interesting devices, from regular items such as routers to sophisticated smart speakers. Somewhere in the middle, though, is a swath of devices that cover various functionalities that don’t necessarily come to mind as possible or useful.

The Ironpie M6 is a smart vacuum cleaner, and you’re in good company if you’re hard-pressed to imagine what kind of functionality would require IoT integration. It turns out that the vacuum cleaner comes with an attached camera. When cleaning is done, the vacuum cleaner can be propped up in a corner and become a surveillance camera.

“In the research, several vulnerabilities and bad coding practices were identified,” explained the researchers. “Some of them were weak security implementations with no practical use cases, while others show profound misguidance regarding a serious security stance on a self-proclaimed security product, as was the case with Trifo.”

There are two major issues with the results regarding Ironpie M6. The most dangerous vulnerability is one that would allow bad actors to remotely connect to the vacuum cleaner and access the live feed. This in itself is a huge issue to be avoided in any device with a camera.

Secondly, the researchers tried to contact the makers of the smart device, to no avail. Since they didn’t respond to any of the notifications, the researchers were forced to publish their findings. Hopefully, the company will step up and fix the problems. Luckily, no technical details about the vulnerabilities were published so that hackers don’t have an easy time replicating the process.

A similar issue was encountered when Bitdefender tried to contact the makers of iBaby to notify them of a serious vulnerability that would let any user view images and videos hosted in the cloud