Security Vulnerabilities Found in Narwal, Dreame, and Ecovacs
Risks of Privacy Invasion and Personal Data Leakage Identified
The Korea Consumer Agency announced on September 2 that, together with the Korea Internet & Security Agency, it had investigated the security status of six robot vacuum cleaner models distributed in the domestic market and found that some products posed risks of privacy invasion and personal information leakage, prompting immediate action.
The Consumer Agency examined a total of 40 items for the six products under investigation, dividing them into three categories: "mobile application security" for controlling and configuring the robot vacuum cleaners, "policy management," which includes manufacturers' security update policies and privacy protection policies, and "device security," which covers hardware, network, and firmware (embedded software).
As a result of the mobile application security inspection, the Consumer Agency explained that three products-Narwal, Dreame, and Ecovacs-lacked sufficient user authentication procedures, making them vulnerable to illegal access or manipulation. Security vulnerabilities were also identified that could expose users' privacy, such as photos taken inside the home being leaked externally or the camera function being forcibly activated.
In the policy management inspection, one Dreame product was found to have inadequate personal information management, revealing a vulnerability that could lead to the leakage of users' personal information such as names and contact details. While such incidents are unlikely to occur in typical usage environments, the Consumer Agency stated that the issue could be exploited by hackers with a certain level of expertise, so the company was prompted to take immediate corrective action.
In the device security inspection, the hardware security levels of two products-Dreame and Ecovacs-were found to be relatively low. Overall, the products under investigation did not have sufficient firmware security settings, indicating a possibility that the internal security structure of the devices could be exposed externally.
Among the products investigated, Samsung Electronics and LG Electronics received relatively high overall evaluations, as their devices had well-established access permission settings, functions to prevent illegal manipulation, secure password policies, and update policies.
The Consumer Agency recommended that all companies under investigation take measures to enhance security in areas such as mobile app authentication procedures, hardware protection, and firmware security. All six companies responded with plans to improve product quality.
The Consumer Agency also advised consumers to pay attention to basic security measures, such as setting secure passwords and regularly updating security when using robot vacuum cleaners.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
