"Some Robot Vacuum Cleaners Pose Privacy Invasion and Personal Information Leakage Risks"
Security Vulnerabilities Found in Narwal, Dreame, and Ecovacs
Risks of Privacy Invasion and Personal Data Leakage Identified
The Korea Consumer Agency announced on September 2 that, together with the Korea Internet & Security Agency, it had investigated the security status of six robot vacuum cleaner models distributed in the domestic market and found that some products posed risks of privacy invasion and personal information leakage, prompting immediate action.
The Consumer Agency examined a total of 40 items for the six products under investigation, dividing them into three categories: "mobile application security" for controlling and configuring the robot vacuum cleaners, "policy management," which includes manufacturers' security update policies and privacy protection policies, and "device security," which covers hardware, network, and firmware (embedded software).
As a result of the mobile application security inspection, the Consumer Agency explained that three products-Narwal, Dreame, and Ecovacs-lacked sufficient user authentication procedures, making them vulnerable to illegal access or manipulation. Security vulnerabilities were also identified that could expose users' privacy, such as photos taken inside the home being leaked externally or the camera function being forcibly activated.
In the policy management inspection, one Dreame product was found to have inadequate personal information management, revealing a vulnerability that could lead to the leakage of users' personal information such as names and contact details. While such incidents are unlikely to occur in typical usage environments, the Consumer Agency stated that the issue could be exploited by hackers with a certain level of expertise, so the company was prompted to take immediate corrective action.
In the device security inspection, the hardware security levels of two products-Dreame and Ecovacs-were found to be relatively low. Overall, the products under investigation did not have sufficient firmware security settings, indicating a possibility that the internal security structure of the devices could be exposed externally.
Among the products investigated, Samsung Electronics and LG Electronics received relatively high overall evaluations, as their devices had well-established access permission settings, functions to prevent illegal manipulation, secure password policies, and update policies.
The Consumer Agency recommended that all companies under investigation take measures to enhance security in areas such as mobile app authentication procedures, hardware protection, and firmware security. All six companies responded with plans to improve product quality.
Hot Picks Today
Up to 600 Million Won for Semiconductors, 160 Million Won Bonus for Loss-Making Non-Memory… Samsung Electronics Labor and Management Reach Tentative Deal on Unprecedented Performance Compensation (Comprehensive)
- "Could I Also Receive 370 Billion Won?"... No Limit on 'Stock Manipulation Whistleblower Rewards' Starting the 26th
- "From a 70 Million Won Loss to a 350 Million Won Profit with Samsung and SK hynix"... 'Stock Jackpot' Grandfather Gains Attention
- [Exclusive] 450 Billion Won Korean Investment at Risk as Canadian PE Moves to Acquire US Ascend for $99.2 Million
- "Who Is Visiting Japan These Days?" The Once-Crowded Tourist Spots Empty Out... What's Happening?
The Consumer Agency also advised consumers to pay attention to basic security measures, such as setting secure passwords and regularly updating security when using robot vacuum cleaners.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
