‘Top tier’ security? Not quite, says KCA about Chinese robot vacuums
Published: 06 Oct. 2025, 17:06
Updated: 07 Oct. 2025, 11:31
![An advertisement for a Chinese-made robot vacuum cleaner, marketed with the slogan, ″Top-tier security, safe to use.″ [SCREEN CAPTURE]](https://koreajoongangdaily.joins.com/data/photo/2025/10/07/1c93f607-c5e5-4c45-8c6e-9f7d74f9f8ab.jpg)
An advertisement for a Chinese-made robot vacuum cleaner, marketed with the slogan, ″Top-tier security, safe to use.″ [SCREEN CAPTURE]
Chinese-made robot vacuums marketed with slogans like “Top-tier security,” “Safe two-way communication” and “Trust the No. 1 in protection” have been found to contain serious security flaws, according to a recent investigation by the Korea Consumer Agency (KCA).
The KCA examined six robot vacuum models — Samsung’s Bespoke AI Steam, LG’s CodeZero R9 All-in-One AI, Narwal’s Freo Z Ultra, Dreame’s X50 Ultra, Roborock’s S9 MaxV Ultra and Ecovacs’ Deebot X8 Pro Omni — against 40 cybersecurity criteria. Only Samsung and LG met high standards across all categories, including app security and data policy management.
In contrast, the Chinese brands showed vulnerabilities such as forced camera activation, malware transmission and password exposure. This was despite their claims of compliance with EN 303 645, an international IoT security standard established by the European Telecommunications Standards Institute (ETSI).
![Samsung's Bespoke AI Steam [SAMSUNG ELECTRONICS]](https://koreajoongangdaily.joins.com/data/photo/2025/10/07/fd32bc07-7584-4850-aee3-6c3be9c03c37.jpg)
Samsung's Bespoke AI Steam [SAMSUNG ELECTRONICS]
The KCA said the companies failed to maintain proper security updates or protect user data as required under the certification. The EN 303 645 standard, introduced in 2020, outlines 13 cybersecurity principles, including secure software updates, vulnerability reporting and data protection.
An official from one certification body said that while the devices met basic European market standards, “the KCA applied even stricter testing.” Following the investigation, all affected companies implemented corrective measures.
Samsung and LG, meanwhile, have emphasized domestic certifications and in-house security systems. Samsung’s model earned the Korea internet & Security Agency’s (KISA) highest-level IoT security certification — the only robot vacuum in Korea to do so. LG applies its own Standard Secure Development Lifecycle (LG SDL) to its smart appliances.
![LG Electronics' latest robot vacuum cleaner was revealed at IFA 2025 held on Sept. 5 in Berlin, Germany. [LG ELECTRONICS]](https://koreajoongangdaily.joins.com/data/photo/2025/10/07/3e846faa-a135-4eb8-8205-eec8461f0238.jpg)
LG Electronics' latest robot vacuum cleaner was revealed at IFA 2025 held on Sept. 5 in Berlin, Germany. [LG ELECTRONICS]
Experts say long-term security management matters more than obtaining international certificates. “Hackers constantly develop new techniques,” said Ji Jae-deok, a cybersecurity researcher at Kookmin University. “Manufacturers must provide regular firmware updates and security patches after certification.”
The KCA also urged consumers to stay vigilant: “Always check for app updates, enable automatic security patches and change the default password to one of at least eight characters with letters, numbers and symbols,” a spokesperson said.
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY LEE GA-RAM [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)