
Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House

⁨0⁩ ⁨likes⁩

Submitted ⁨⁨6⁩ ⁨months⁩ ago⁩ by ⁨themachinestops@lemmy.dbzer0.com⁩ to ⁨technology@lemmy.world⁩

https://futurism.com/robots-and-machines/robot-vacuum-broadcasting


Comments

  • Zwuzelmaus@feddit.org ⁨6⁩ ⁨months⁩ ago

    I know very well why I installed valetudo before I even started my new vac for the first time 😁

    valetudo.cloud

    • Ruthalas@infosec.pub ⁨6⁩ ⁨months⁩ ago

      This is the way. It works great, I’ve been running it for years.

    • glimse@lemmy.world ⁨6⁩ ⁨months⁩ ago

      I received a Tikom vacuum as a gift and was so sad to see I couldn’t install Valetudo.

      On the plus side, it works with no connection and so it’s only slightly less convenient to just…press the button on the vacuum itself when I take my dog for a walk. Gotta dump the tray from last time anyway.

  • Treczoks@lemmy.world ⁨6⁩ ⁨months⁩ ago

    Well, yes, that’s what those cheap “smart” devices do. Or does anyone think cheap smart would fit into that device? Rule of thumb: if a device needs internet access, it is spying on you.

    • Landless2029@lemmy.world ⁨6⁩ ⁨months⁩ ago

      !homeassistant@lemmy.world on an isolated vLAN is my goal.

      • Treczoks@lemmy.world ⁨6⁩ ⁨months⁩ ago

        Yes, but some devices simply don’t work without calling home, or have 99% of their brain in a cloud. For those cases, the vLAN does not help.

  • ExLisper@lemmy.curiana.net ⁨6⁩ ⁨months⁩ ago

    Yeah, I read about iRobot gathering and selling info about apartments like 10 years ago. People still alarmed by this are simply ignorant.

    • Clanket@lemmy.world ⁨6⁩ ⁨months⁩ ago

      Ignorant of what?

      • ExLisper@lemmy.curiana.net ⁨6⁩ ⁨months⁩ ago

        Ignorant of how smart vacuums work and how all connected devices are used to gather personal information that can be sold for profit.

  • andrew0@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago

    This article just screams ragebait. Not that I am against making people aware of this kind of privacy invasion, but the authors did not bother to do any fact checking.

    Firstly, they mention that the vacuum was “transmitting logs and telemetry that [the guy] had never consented to share”. If you set up an app with the robot vacuum company, I’m pretty sure you’ll get a rather long terms and services document that you just skip past, because who bothers reading that?

    Secondly, the ADB part is rather weird. The person probably tried to install Valetudo on it? Otherwise, I have no clue what they tried to say with “reprinting the devices’ circuit boards”. I doubt that this guy was able to reverse engineer an entire circuit board, but was surprised when seeing that ADB is enabled? This is what makes it rather straightforward on some devices to install custom firmware that blocks all the cloud shenanigans, so I’m not sure why they’re painting this as a horrifying thing. Of course, you’re broadcasting your map data to the manufacturer so that you can use their shitty app.

    But it doesn’t have to be like this. Shoutout to the people working on the Valetudo project. If you’re interested in getting a privacy-friendly robot vacuum, have a look at their website. It requires some know-how, but once it’s done, you know for sure you don’t need to worry about a 3rd party spying on you.

    • Monument@lemmy.sdf.org ⁨6⁩ ⁨months⁩ ago

      I commented elsewhere, but I once had a soundbar that just had a no password ssh login. It was one of those ‘connect to your WiFi’ to stream music through models and for whatever reason, after connecting it to my WiFi, it continued to broadcast the publicly joinable setup network.

      SSH was open to both the unsecured and secured networks, so anyone within WiFi distance of the device could have gained root control of it. Or if I had a sufficiently weak network setup, anyone online could have taken control of it.

    • MountingSuspicion@reddthat.com ⁨6⁩ ⁨months⁩ ago

      Just checked out Valetudo. Gotta love the FOSS community. Can I ask if you’ve used it? If so, which vacuum did you set it up on?

      • andrew0@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago

        I have a friend who set up a Dreame L10s Ultra. I helped them solder the breakout board, and was there when they flashed the new firmware. Relatively straightforward! Just follow the guide on the website and you should be good.

        The robot is now accessible only on the local network, and they got it working in Home Assistant. The only feature that is missing now is direct camera view, which the original robot had. Basically, you could get a live feed of the robot at any time. Looked fun, but it was not necessary.

    • Alphane_Moon@lemmy.world ⁨6⁩ ⁨months⁩ ago

      I am assuming the individual described in the article is based in the US, but nevertheless, many countries do not allow spying, fraud and criminality as long as you have a TOS that says you are allowed to do so.

      This is a very provincial manner of thinking and shows how deeply tolerance of corruption and criminality dominates the American mind.

      Same with the kill switch, it is essentially a fraudulent scheme, a criminal activity.

      • BarneyPiccolo@lemmy.today ⁨6⁩ ⁨months⁩ ago

        Americans are conditioned to do a lot of things without thinking about it, but if they ever really stopped to consider it, they’d be outraged.

        For instance, those heart-tugging ads for St Jude’s Children’s Hospital. It’s a great thing they do, taking in cancer kids, and covering all the expenses, even housing and food. They show grateful parents crying, because their kids have a chance because of the charity of St Jude and the viewers, and viewers shed a tear and donate.

        It never occurs to anyone that in almost every other country in the world, such a place wouldn’t be necessary. Their cancer kids would simply be taken care of. No pomp about it, no commercials begging for donations, curing cancer kids is just business as usual.

        But in America, your kid will just DIE unless you’ve got good health insurance (which is about to get a LOT more expensive), a lot of money, or hit the charity lottery.

        But that never occurs to Americans watching that ad. They will dig into their pockets to send money to St Jude, before they will give money to a progressive candidate to change our health care system so it doesn’t require tear-jerking marketing to operate.

  • fistac0rpse@fedia.io ⁨6⁩ ⁨months⁩ ago

    iLife A11 smart vacuum

  • Boozilla@lemmy.world ⁨6⁩ ⁨months⁩ ago
    [deleted]
    • db2@lemmy.world ⁨6⁩ ⁨months⁩ ago

      Does anyone want any toast?

      • bytesonbike@discuss.online ⁨6⁩ ⁨months⁩ ago

        Download the toaster app so you can make toast from anywhere!

    • the_riviera_kid@lemmy.world ⁨6⁩ ⁨months⁩ ago

      readies my fourteen-pound lump hammer

      • nymnympseudonym@piefed.social ⁨6⁩ ⁨months⁩ ago

        “Never sit down to program without a crowbar close at hand.”
        - Stanislaw Lem

  • Regna@lemmy.world ⁨6⁩ ⁨months⁩ ago

    At first I thought ”Well, duh!”, but the manufacturer having a remote kill switch when he network blocked his vacuum from sharing his home map data with them, as well as unprotected root access when connecting to the vacuum… urgh.

    • Monument@lemmy.sdf.org ⁨6⁩ ⁨months⁩ ago

      A few years ago I noticed an annoyance with a soundbar I had. After allowing it onto my WiFi network so we could stream music to it, it still broadcast the setup WiFi network.

      While dorking around one day, I ran a port scan on my network and the soundbar reported the port was open. I was able to log in as root with no password.
      After a moment of “huh, that’s terrible security,” I connected to the (publicly open) setup network, successfully logged into SSH, copied the wpa_supplicant.conf file from the device, and verified it had my WiFi info available to anyone with at least my mediocre skill level. Then I factory reset the device, never to entrust it with credentials again.

    • givesomefucks@lemmy.world ⁨6⁩ ⁨months⁩ ago

      At first I thought ”Well, duh!”

      There was an ARS article years ago about it…

    • pipe01@programming.dev ⁨6⁩ ⁨months⁩ ago

      Is it just me, or is having ADB exposed physically not that big a deal?

      • KazuyaDarklight@lemmy.world ⁨6⁩ ⁨months⁩ ago

        Tend to agree, security is always the goal but if someone is in my house hacking my vacuum, I have bigger issues. The no-notice remote kill is the bigger issue to me.

      • kylian0087@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago

        It is not good. But in most cases just adb doesn’t grant root access. That’s just bad.

    • justsomeguy@lemmy.world ⁨6⁩ ⁨months⁩ ago

      All crappy IoT devices ever made. They aren’t used in bot nets all the time because hackers like the challenge of hacking them so much. Security simply isn’t a priority.

      • Xerxos@lemmy.ml ⁨6⁩ ⁨months⁩ ago

        The ‘S’ on IoT stands for security!
