Australian households relying on cheap Chinese robot vacuums could be exposed to hackers, with new research revealing major security flaws, including remote access to built-in cameras, in several popular brands.

Chinese brands Narwal, Ecovacs and Dreame were found to have serious security flaws after testing by the Korea Consumer Agency (KCA) and the Korea Internet & Security Agency.

The agencies examined six popular robot vacuums, four Chinese and two Korean, with the three Chinese products flagged for weak security protections.

The most alarming flaw was in Dreame’s X50 Ultra (pictured), which allowed hackers to remotely activate the vacuum’s camera.

If permissions were shared, attackers could even watch live video feeds inside homes.

Narwal’s Freo Z Ultra and Ecovacs’ Deebot X8 Pro Omni were also found lacking proper authentication, meaning photos captured during cleaning could be accessed without verification.

Narwal Freo Z Ultra

Ecovacs devices carried the additional risk of malicious files being planted directly into a user’s photo album.

Privacy checks showed Dreame devices failed to properly safeguard personal details, including names and phone numbers.

Security analysts warned that because many of these brands store data on Chinese cloud services such as Alibaba and Baidu, Korean consumer data –  and potentially Australian users’ data – may be held offshore.

The findings follow earlier reports of Ecovacs vacuums being hijacked overseas, with hackers using the devices’ cameras and microphones to spy on households, and in some cases shout abuse through their speakers.

Ecovacs Deebot X8 Pro Omni

By contrast, KCA found Samsung and LG robot vacuums had far stronger protections, including anti-tampering features, robust password systems and encrypted data handling. Both companies recently secured top-level IoT security certifications.

With Chinese brands seeing strong sales in Australia due to their lower prices, experts are urging consumers to take extra precautions.

The KCA recommends setting strong, unique passwords for vacuum apps, enabling regular firmware updates, and where possible running smart appliances on separate home networks.