CVE-2024-12078 Information

Jan 25, 2025 cve

Description

ECOVACS robot lawn mowers and vacuums use a shared static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

Reference

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf url https://youtu.be/_wUsM0Mlenc?t=2041 url

Share on: