I specifically bought a robot vacuum with less sensors (no camera) for this reason. Why does it need camera if bump sensors and Lidar already works, it's asking for trouble.

Ecovacs notified in December 2023

> “Ecovacs has always prioritised product and data security, as well as the protection of consumer privacy,” they said in a statement.

Still not fixed, today.

Mobile Webcam exploit at 100 meters.

I found the open source Valetudo (https://github.com/Hypfer/Valetudo) project quite interesting, as it sits between the vendor firmware and (cloud) connectivity. The project is made possible due to Dennis Giese's research.

It currently supports Dreame, Xiaomi, Roborock and some others. But not Ecovacs. And not sure it prevents this type of Bluetooth vulnerabilities.

His homepage: https://dontvacuum.me/

ABC Australia

Title: We hacked a robot vacuum — and could watch live through its camera