Wait, this situation is way worse than what's on the headline. These things (ecovac robot vaccums) have remotely accessible cameras? What in the Heebie Jeebus?
He opened the vacuum’s app to find a stranger was accessing its live camera feed and remote control feature, but assumed it might be an error.
On one hand, that's pretty funny. But why would you allow the thing on the internet? No experience with robot vacuums, but don't you just throw in on the floor? Set and forget?
They would be within the same local wifi network. Or you could even use Bluetooth for a direct connection. There's no reason for those things to connect to the internet, unless you want to update the firmware. Anything else is just a security and privacy risk.
anything else is going to be too big a hurdle for a huge portion of the customer base.
That's just a lie companies tell to try to excuse their theft of your data. They could make it work locally and be user-friendly at the same time if they wanted to, but they just don't want to.
Unless and until companies are held truly accountable for releasing stuff with this bad of security baked in, we're going to keep seeing this sort of story.