Serious security gaps have been found in robotic vacuum cleaners from Ecovacs, the largest company in the category worldwide, after hackers managed to breach them.

Over the past few days, several robot vacuum cleaners in the US have gone crazy and suddenly started yelling profanities through their speakers, scaring their owners.

The robots were all Chinese-made Ecovacs Deebot X2 models, according to ABC.

Minnesota attorney Daniel Swenson was watching TV when his robot began malfunctioning. “It sounded like a broken radio signal or something,” he told ABC. “You could hear snippets of maybe a voice.”

Thinking it was some kind of error in his device, he rebooted it, entering the password again. However, the robot vacuum started moving again, spewing curses from the speaker once more.

“My impression is that it was a child calling, maybe a teenager,” Swenson said.

The second time he turned it off.

Despite the insults, Swenson was glad the hackers had made their presence felt and hadn’t decided to silently monitor his family. “They could be looking through his robot camera and hearing through the microphone what we were saying without us having a clue.”

“It was shocking,” he said.

Then he took the vacuum cleaner to the garage, placed it there and never turned it on again.

Violations in many cities

Many people in the US reported similar hacks within days of one another.

On May 24, the same day Mr. Swenson’s device was hacked, a Deebot X2 went rogue and chased its owner’s dog around their Los Angeles home.

It’s unclear how many of the company’s devices were compromised in total.

Six months earlier, security researchers had tried to alert Ecovacs to major security flaws in its robot vacuums and the app that controls them.

The PIN code system that protects the robot’s video — and its ability to be controlled remotely — was also known to be flawed, and the warning sound meant to play when the camera is being watched could be disabled remotely. These security issues could explain how hackers took control of multiple bots in separate locations and how they could silently surveil their victims once inside.

During those days, Daniel Swenson filed a complaint with the company. However, he said, the company asked him for video proof of what he was describing.

Finally, a “security investigation” was conducted.

“Your Ecovacs account and password were obtained by an unauthorized person,” a company representative told him via email.

They also said the company’s technical team had identified the culprit’s IP address and disabled it to prevent further access.

In a later email, he was told “there is a strong possibility that your Ecovacs account has been affected by a cyber-attack”. However, the company told the ABC it had “found no evidence” that the accounts were compromised through “any breach of Ecovacs systems”.

The company also “sent an immediate email” instructing customers to change their passwords following the incident. Ecovacs said it will upgrade the security for owners of the X2 series in November.