Man accidentally gains control of 7k robot vacuums

21 hours ago (popsci.com)

> he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries.

This is extremely similar to what I accidentally discovered and disclosed about Mysa smart thermostats last year: the same credentials could be used to access, inspect, and control all of them, anywhere in the world.

See https://news.ycombinator.com/item?id=43392991

  • The ideal spy army. Nobody expects the Spanish Inquisition, I mean, being able to spy into households via cheap house-cleaning devices.

    • "Nobody expects the Spanish Inquisition…"

      Why not? They bought roving cameras that surveil their homes and connected them to internet servers they neither own nor control.

      They obviously don't give a shit about privacy or they've room-temperature IQs.

      4 replies →

  • The "smart" thermostat stuff is scary. I have Haier minisplits in my house and they have some "smarts" built into each head unit. The way it works from the user's perspective is you connect to the device in the GE Home app via Bluetooth, enter your WiFi network's credentials, then the minisplit joins your wifi network and phones home to GE Cloud. Then your GE Home app can monitor and control your minisplit via GE Cloud.

    I haven't done anything to analyze it further, instead after trying that out once I promptly changed my WiFi password and never looked back. The long term solution will involve some ESP32s, AHT20 temp/humidity sensors, and IR rx/tx.

    But it just occurred to me reading this that if there's a similar vulnerability in HVAC system controls an attacker could cause one hell of an unanticipated power demand spike.

    • My problem with smart thermostats is the user interface couldn't be more awful. It's just nuts. You cannot do anything without the squinty manual in one hand and the squinty touchscreen in the other. So, you finally get it programmed. Then you want to change something, and boom, start all over.

      I gave up.

      I use a simple dial-the-temperature, turn-on/off thermostat. I turn it off when going to bed, turn it on in the morning. Very happy.

      1 reply →

    • This is honestly why it's important to insist on Z-wave or Zigbee if you don't have control over the device firmware and must have smart controls. Why people don't seem to understand now that if it's "WiFi" it's suspect at best, I'll never understand.

      5 replies →

    • UniFi has a PPSK setup where you can put an EU on a separate VLAN with a separate password. Seems ideal for this.

  • Is this cutting corners on manufacturing/assembly where they're skipping installing a unique set of keys on each device?

    • The vulnerability was in their backend cloud structure. The backend wasn't restricting access to only devices associated with your account.

      > Out of sheer laziness, I connected to the Mysa MQTT server and subscribed to the match-everything wildcard topic, #. I was hoping I’d see messages from a few more MQTT topics, giving me more information about my Mysa devices.

      > Instead, I started receiving a torrent of messages from every single Internet-connected production Mysa device in the whole world.

      The devices had unique IDs, but they were all connected to one big MQTT pub/sub system that didn't even try to isolate anything.

      It's lazy backend development. This happens often in IoT products where they hire some consultant or agency to develop a proof of concept, the agency makes a prototype without any security considerations, and then they call it done because it looks like it works. To an uninformed tester who only looks at the app it appears secure because they had to type in their password.

      7 replies →
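The isolation this comment says was missing, as an added example (mine, not Mysa's, DJI's or any broker's own code): a broker-side subscription ACL that lets an authenticated device see only its own subtree, plus the triage check the disclosure amounted to. It assumes a topic scheme of `devices/<device_id>/<rest>` and that the broker knows which device_id a client authenticated as; both are assumptions, since the real topic layout is not on the page. The point is that a filter is allowed only if every topic it could match is inside the client's own pattern, so `#` and `devices/+/status` are refused while `devices/<own>/#` passes.

```python
"""Per-device MQTT subscription authorization (added example, assumed topic scheme)."""


def valid_filter(f: str) -> bool:
    """MQTT 3.1.1 syntax: '#' only as the last whole level, '+' only as a whole level."""
    if not f:
        return False
    levels = f.split("/")
    for i, lvl in enumerate(levels):
        if "#" in lvl and (lvl != "#" or i != len(levels) - 1):
            return False
        if "+" in lvl and lvl != "+":
            return False
    return True


def topic_matches(filter_: str, topic: str) -> bool:
    """True if a concrete topic matches a subscription filter ('+' one level, '#' the rest)."""
    f_levels = filter_.split("/")
    t_levels = topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":
            return True  # '#' also matches the parent itself: 'a/#' matches 'a'
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def filter_subsumed(requested: str, allowed: str) -> bool:
    """True if every topic the requested filter can match is also matched by `allowed`."""
    r, a = requested.split("/"), allowed.split("/")
    for i in range(max(len(r), len(a))):
        if i >= len(a):
            return False  # requested goes deeper than the allowed pattern
        if a[i] == "#":
            return True  # allowed pattern covers everything from here down
        if i >= len(r) or r[i] == "#":
            return False  # requested stops early, or wants everything below a literal level
        if a[i] == "+":
            continue  # any single level (literal or '+') is fine here
        if r[i] != a[i]:
            return False  # a literal level in the pattern must be matched literally
    return True


def authorize_subscribe(client_device_id: str, requested: str) -> bool:
    """Broker hook: a device may subscribe only inside devices/<its own id>/."""
    if not valid_filter(requested):
        return False
    return filter_subsumed(requested, f"devices/{client_device_id}/#")


def foreign_devices(received_topics, own_device_id: str):
    """Triage helper for the test the comment describes: subscribe to '#' with one
    device's credentials and collect the other device IDs that show up.
    A non-empty set means the backend does not isolate tenants."""
    seen = set()
    for topic in received_topics:
        levels = topic.split("/")
        if len(levels) >= 2 and levels[0] == "devices" and levels[1] != own_device_id:
            seen.add(levels[1])
    return seen


if __name__ == "__main__":
    # Constructed sample of what a '#' subscription might return on an unscoped broker.
    sample = ["devices/dev-0001/status", "devices/dev-0002/status",
              "devices/dev-0002/camera", "devices/dev-0003/map"]
    print(authorize_subscribe("dev-0001", "#"))                  # False
    print(authorize_subscribe("dev-0001", "devices/+/status"))   # False
    print(authorize_subscribe("dev-0001", "devices/dev-0001/#")) # True
    print(foreign_devices(sample, "dev-0001"))                   # {'dev-0002', 'dev-0003'}
```

Mosquitto expresses the same rule as an ACL pattern (`pattern read devices/%c/#`) keyed on the client ID, but the subsumption check above is what any broker has to do to refuse `#`; password-only authentication without it is exactly the "looks secure from the app" failure the comment describes.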

    • I think it's about being a configuration management nightmare. If every device has a unique password, you need the decoder ring for serial number to password. However, not all processors have unique IDs. So you either need to find a way to reliably serialize each board during manufacturing and hope it stays (like a sticker/laser/printer/etc) or add a serial number chip which is cost and complexity. It's not impossible, it's just extra work that usually goes unrewarded.

      13 replies →
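The "decoder ring for serial number to password" this comment mentions does not have to be a table. An added example (mine, not any vendor's provisioning code) of one common way to do it: a factory root key diversified per device with HMAC-SHA256 over the serial, so the backend re-derives each device's secret on demand and verifies a challenge-response instead of storing passwords. The root key value, serial format and challenge flow are assumptions for the demo. Holding one device's secret does not let you derive another's; holding the root key does, which is why it stays in the factory and backend HSM and only the derived secret is programmed into each board.

```python
"""Key diversification for per-device credentials (added example, assumed provisioning flow)."""
import hashlib
import hmac
import secrets

# Constructed placeholder. In production the root key is generated in and never
# leaves the factory/backend HSM; only the derived per-device secret is programmed.
FACTORY_ROOT_KEY = bytes.fromhex("4a" * 32)


def derive_device_secret(root_key: bytes, serial: str) -> bytes:
    """Per-device secret = HMAC-SHA256(root, label || serial).
    The label separates this use from any other keys derived from the same root."""
    return hmac.new(root_key, b"device-auth-v1|" + serial.encode(), hashlib.sha256).digest()


def device_prove(secret: bytes, nonce: bytes) -> bytes:
    """Device side: answer the backend's challenge without ever sending the secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class Backend:
    """Backend side: no serial->secret table, just the root key and outstanding nonces."""

    def __init__(self, root_key: bytes):
        self._root = root_key
        self._pending = {}  # serial -> nonce issued for the current login attempt

    def challenge(self, serial: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[serial] = nonce
        return nonce

    def verify(self, serial: str, response: bytes) -> bool:
        nonce = self._pending.pop(serial, None)  # single use: a replay finds no nonce
        if nonce is None:
            return False
        expected = device_prove(derive_device_secret(self._root, serial), nonce)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Runs the checks a practitioner would want and returns their outcomes."""
    backend = Backend(FACTORY_ROOT_KEY)
    secret_a = derive_device_secret(FACTORY_ROOT_KEY, "SN-0001")
    secret_b = derive_device_secret(FACTORY_ROOT_KEY, "SN-0002")

    # 1. Genuine device SN-0001 logs in.
    n = backend.challenge("SN-0001")
    own_ok = backend.verify("SN-0001", device_prove(secret_a, n))

    # 2. Someone holding SN-0002's secret (dumped from their own unit) tries to be SN-0001.
    n = backend.challenge("SN-0001")
    cross_ok = backend.verify("SN-0001", device_prove(secret_b, n))

    # 3. Replaying a captured valid response fails because its nonce was consumed.
    n = backend.challenge("SN-0001")
    resp = device_prove(secret_a, n)
    backend.verify("SN-0001", resp)
    replay_ok = backend.verify("SN-0001", resp)

    return {"own": own_ok, "cross_device": cross_ok, "replay": replay_ok,
            "secrets_differ": secret_a != secret_b}


if __name__ == "__main__":
    print(demo())  # {'own': True, 'cross_device': False, 'replay': False, 'secrets_differ': True}
```

This only solves the provisioning half: boards with no hardware unique ID still need a serial assigned and recorded at the programming step, and if the root key ever leaks every device secret becomes derivable, which is the argument for generating random per-device secrets in a secure element and registering them with the backend instead. Either way the backend still has to bind that device identity to one account and scope what it may publish and subscribe to; unique credentials alone do not fix a broker that hands `#` to everyone.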

As part of my thesis work almost 10 years ago I worked on a robot vacuum cleaner (working on their sensor data), and one smart hardware implementation they had was that they had separated the computer vision module from the main board.

This way, only processed vision data would be physically sent to the main board. This consisted mostly of just "line segments", almost like a sparse point cloud, to detect obstacles and edges. They argued that this was more privacy safe because there's no way for the main module to access any raw vision data. It did however make the SLAM part harder to make work.

In hindsight, a good decision. I got one as a thank you for thesis work and it's still running just fine (with battery and brushes replaced once), and good to know that with the years of software updates it still can't check me walking around in underwear in my apartment.

Internet connections on devices are an anti feature to me. I need something to work reliably without internet. And then maybe add some extras through internet access through open and secure protocols, so I can always write my own implementation.

  • The dishwasher at my office has WiFi.

    Why do companies insist on connecting every single device to the internet? Fortunately it's mostly an optional feature, so still works just fine without it, but in general it's a pretty strong signal to me to not buy that product.

For a brief, beautiful moment, one man came close to sucking more than any other person in human history.

If one's goal was to force companies to implement better security for their products, it would probably be more efficient to cause maximum reputational damage to the companies, instead of just "responsibly disclosing" vulnerabilities.

It would temporarily suck for consumers, having their devices exploited and their privacy abused, but it would lead to wider awareness of the problem, shaming of the companies, financial and legal pressure, and hopefully change things in the long run.

Disclaimer: This is not a call to action to do illegal things. Your decisions are your own.

About 10 years ago I was at a startup that used one of the upstart 401k providers of the time. Logged in one day and could see several of my coworkers’ accounts. Really bad class of bug. Still not clear to me how they could have screwed up account atomicity so poorly but assume it was something to do with how they managed orgs.

I was pretty mad about it but also tried to play ball and not make too much of a fuss because I learned some pretty private things without meaning to and didn’t want to inadvertently make them public. Should have been more vocal.

  • I tend to err on the side of discretion as well. It's more professional.

    Though over the years, I've learned to calibrate that discretion proportional to how much of a good-faith effort the counterparty involved seems to be making. If they clearly don't give a shit that they're incompetent, they can expect my megaphone to blare.

Paying almost a thousand - or more! - to have an overcomplicated device filled with sensors put into your most private sphere, vulnerable to adverse elements unnecessarily (had a perfect dumb robot vacuum doing its job loaned to us once, but no one sells such when they can sell bullshit for 4 times more; idiots buy it regardless), that is not smart....

Consumidiotism is the term that comes to mind. Eating up crap is the analogy from non-technical contexts. The side effect is that buying properly made, not overcomplicated and tedious to maintain (update, refresh, pair, diagnose, update and configure connected hardware, click away pushy self-promotions, the way it is not exposing you to the manufacturer or everyone) products is tedious (losing saved efforts). Poor others who just want simple and robust, not fragile and risky, tech-crap doing the core thing are left out.

(Robotic vacuum is a great concept! The available implementations on the other hand are rubbish!)

Anyone who's somewhat technically inclined should, in my opinion, only be buying Valetudo [0] compatible vacuums and replacing the default software as soon as possible.

[0] https://valetudo.cloud/

  • I found the “Why Not Valetudo” page on that site extremely persuasive. I would consider myself technically inclined. I also own a robot vacuum so I can spend more time doing important things that leverage my skills. Valetudo does not serve this mission.

    Very impressive, but I disagree that this is the clear best choice for anywhere close to anyone.

    • Also, the first line in "Why Valetudo?"

      > First of all, please do not try to convince people to use Valetudo.

      A good realist position for such a project to take.

      2 replies →

    • For anyone else wondering, "Why Not Valetudo" <https://valetudo.cloud/pages/general/why-not-valetudo.html> lists:

      - all the same downsides as keeping the stock OS would have ("it's opinionated software", "it's not about you", and the last one "it's not a community" basically means "you can't tell me how to change my software and be confident I'll do it")

      - that this fan project is not necessarily as polished as the original software (as I would have expected)

      - Only supported robots are supported (as the author themselves say: duh)

      - it only works in english

      - you can't revert to stock software if you don't like it

      For me, the latter is the only thing worth mentioning. You made me curious what all these compelling downsides are but the rest is obvious and the latter isn't surprising / I would have known to check beforehand

      How did you come to the conclusion that it's not likely the right choice for nearly anyone? Do you think so many people wouldn't understand enough English to operate the controls of a robot vacuum cleaner? Have you found features to be missing or clunky/fragile enough that people would frequently want to revert to stock? Do you think people care so much about it being community-driven FOSS that they'd rather keep the proprietary OS instead of open source that isn't community-driven?

      Btw I have no experience with the project whatsoever and am not involved, only interested in trying it out once we need a new vacuum. I just came to a very different conclusion and am quite surprised by yours

      1 reply →

    • The main value proposition is privacy and security. If you are content with the privacy and security of your existing vacuum, then yes, I'd agree it's not for you. That being said, your critique seems to imply that Valetudo will increase your overall time spent managing the vacuum, and this has not been my experience. There is the initial setup time which I'm sure varies by robot, but for me took (conservatively) an hour or two, and then I never think about it again, to the same degree that I would before. You still have schedules, etc. and all the same features that make a robot vacuum a time saving item.

I have my Roomba programmed to start at 5pm every day. Multiple times now it's come to life at 7pm, gone straight to my bedroom, stayed for 5-10 minutes, then come back home to its dock and gone back to sleep. I have no idea what's going on.

  • Does it even vacuum while it's in there? From what you wrote, it sounds like it just comes in, sits menacingly at the side of your bed, and then leaves...

    • I was in the living room and didn't follow it into the bedroom. It didn't sound like it ever turned on the vacuum. It has a mapping mode (I assume) where it drives around and doesn't vacuum.

      1 reply →

Due to the wonders of technology, you can now do the equivalent of the Steven Wright joke:

“In my house there's this light switch that doesn't do anything. Every so often I would flick it on and off just to check. Yesterday, I got a call from a woman in Germany. She said, 'Cut it out.'”

At scale, over the Internet.

> In order for the Romo, or really any modern autonomous vacuum, to function it needs to constantly collect visual data from the building it is operating in.

I specifically bought one without a camera or mic.

  • My Eufy claims to do all processing locally. I admit I never verified this (e.g. turn off the WiFi while it's running - I should actually). But they were the only Chinese manufacturer that at least bothered to write anything about data locality and privacy in their marketing materials, and that got them my money.

    Obviously at any point the brand can send a firmware update down the wire that does send a realtime video feed from my home right to Chairman Xi's bedroom. I'm aware of that, but the reality also is that the European/US brands currently don't get anywhere near the Chinese price/quality ratio, and I didn't want to muck about with Valetudo, I'm not courageous enough for that.

    I'm not super happy about this situation but I am super happy about the robot. It's really very good.

  • > In order for the Romo, or really any modern autonomous vacuum, to function it needs to constantly collect visual data from the building it is operating in.

    IMO the random bouncing of older Roombas was unfairly pilloried. Sure, it didn't look great, but in practice it was effective at cleaning.

I give up. Privacy's hopeless as none care. When so many are prepared to chuck privacy to the wind and connect a roving camera in their homes to an internet server that's not under their control there's no hope. The few who do care are swamped by the numbers.

Anyway, what's all the fuss about (those affected couldn't give a damn about their privacy)?

I don't knowingly have any live cameras or microphones in my home other than my laptop and phone (I know those are big "buts", but still), and I plan to keep it that way.

I remind myself of this no matter how much convenience I may be missing out on. (Getting a TV without em is kinda hard!)

Planning in advance, same for any AR stuff, not in my life, I'm sticking to it.

  • I've just accepted that Microsoft, Google, and Meta all have a constant wiretap in my office (on account of my Windows PC, Android smartphone, and Meta VR headset).

    It's rather dystopian to just know and accept this, but there's really no alternative if you want to participate in modern society at a normal capacity (sans the VR headset, that really isn't a necessity).

    Something something, keep your enemies closer, right?

  • Unless you watch actual TV there's no reason to buy an actual TV in my opinion. You can get nicely large monitors and displays for pretty cheap, and a mini PC or even a stick PC and you're good to go.

    Both of my 'TV's are big monitors with some Lenovo mini PCs running Debian. Hardwired, but I could WiFi them if I want.

    Zero tracking, zero bullshit.

“Accidentally” is not accurate. He used AI to inspect the source and found credentials that work in all devices. He also never gained control of anyone else’s devices. He never used the exploit.

  • I didn't read the article but based on the title and subheading I assume they say "accidentally" because he was trying to reverse engineer the communication protocol to use his own device and he did not expect to find something as dumb as master credentials that would work on others' devices.

  • "Accidentally" as in his intent was to gain control of his own device but instead discovered what would in a just world be considered criminal levels of either incompetence or indifference to the most basic levels of security in the entire product line.

> The robot in question is the DJI Romo, an autonomous home vacuum that first launched in China last year and is currently expanding to other countries. It retails for around $2,000 and is roughly the size of a large terrier or a small fridge when docked at its base station.

Unfortunately it doesn't fly.... although if it did, that would've made this even scarier.

Companies this inept really need to get fined.

Like how many layers of people had to have OKed having the same password for all of them? It’s incompetence on an impressive scale.

  • Agreed, this sort of thing should at minimum be considered gross negligence at this point, but because regular consumers who buy these products rarely see and almost never understand these news articles it doesn't really impact sales so the company doesn't care.

    If this discovery was guaranteed to result in meaningful fines companies would get their act together pretty quickly. 7000 counts of negligent exposure of private data (camera/mic feeds) should in a just world be millions of dollars in fines at the least and arguably criminal charges for management.

    • Exactly. If GDPR fines can be so high, then something like this that is pretty much intentionally leaking personal data should be in the same ballpark.

Consumers are not voting with their wallets, they do not care. Surveillance for profit will be illegal. Time for the Internet Bill of Rights. Trust me, it's coming. tyfyattm

> [...] the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio [...]

Sorry what? Why would a vacuum cleaner even need a microphone?

China simply isn't interested in or doesn't understand privacy at the moment. I have some experience with cross border relations with them and getting them to sign and then care about data processing agreements we need for GDPR is something for sure...

My understanding is that there is no malice or incompetence, it's usually just "who cares"

  • Chinese engineers are knowingly surveilled by the state with no recourse. Commercial offerings of all shapes and sizes have cameras and microphones. It's just new tech.

    In the US, Five Eyes, and abroad, there is at least some ceremony around calling this bad even though a similar apparatus is installed. (Supposedly with "checks and balances", but who knows?)

    People in Western countries almost unanimously find corporate spying creepy. (Though ad tech has snuck in via convenience and invisibility.) We find cameras a hard line.

    The TikTok and Twitch generation has different attitudes about always-on cameras, though.

My first thought after reading the title was the "Silicon Valley" series (2014) and the episode with Gilfoyle taking control of smart fridges ;) Sorry. A bit off topic, but I had to mention it ;)

Surely this also requires reporting DJI to the authorities for gross negligence? This is not an oopsie, this is deploying a surveillance network without telling anyone.

  • It is gross negligence, but to which authorities are you reporting them and which criminal violations are you claiming they broke?

    • Every single one relevant to where you live? If you're in the US, the US. "Good fucking luck and lol" and all that, but do it anyway. In the EU? Your country has agencies for this, as does the EU as a whole. Perform your civic duties, they still count in the EU.

      Somewhere else? I don't know man, the author sure seems to live in either of those two regions.

      You know where to report things if you live on Earth and use the internet.

  • This is a DJI company? Ouch. [edit] ah, it is right in the title of the OG article. Wow. Just wow. In China we just use a broom, so maybe it is an oversight (aka no one uses this overpriced crap)

"sneak peak"

Sigh

https://slate.com/culture/2012/01/stealth-mountain-the-twitt...

  • One advantage of AI-generated copy is it generally doesn't make mistakes like this.

    The only mistake I've noticed, besides inexplicably lapsing into Chinese mid-sentence, is parallel construction errors, like "This product is fast, lightweight, and won't break the bank!"

    • > parallel construction errors, like "This product is fast, lightweight, and won't break the bank!"

      I'm failing to see the error. That seems like perfectly sound, vernacular English.

      1 reply →

Well it only took until the 2nd paragraph, and the words "DJI’s remote cloud servers" for me to be forehead-slappingly disgusted again.

Obviously proper diligence wasn't followed with this product, and obviously this is going to be something we've all heard before, but why does a vacuum need to talk to a server at all?

And also, to go even further back, is there anything more leopards-ate-my-face than a compromised robo-vacuum? I have never understood the appeal of these things. Except as satire. Pushing a vacuum around takes minutes, once a month, all the more so when you live in a 3m x 3m box with 12 roommates, and is badly needed exercise for a lot of pathetic little nerd noodle-arms.

  • > Pushing a vacuum around takes minutes, once a month, all the more so when you live in a 3m x 3m box with 12 roommates

    That's a lot of assumptions.

    I budget an hour every couple of weeks to vacuum the entire house (kitchen more frequently, but that's quick). When we had pets, which we'll probably have again in the future, this had to be done weekly.

  • I get the frustration, but this is how pretty much all of the connected home devices on the market work. Sure, there are local-only versions of many of these things, but that sort of design is in the minority both in number of products and in sales.

    And it makes sense: most people want this stuff to just work, and be accessible when they aren't at home on their WiFi network. The only reasonable way to do that these days is to have a central server that both the devices and the control apps connect to. Very few users (and yes I am one of them) are going to set up a local control server and figure out how to securely set up remote access to it.

    It's a crappy situation that leads to security incidents like this one, but that's just where we are right now.

    Regarding cleaning frequency: no need to repeat what the sibling commenter said, but I will say I suspect your cleaning needs are much lower than those of the average person.

  • >once a month

    We vacuum and mop our kitchen and dining room daily. It gets dirty, especially when you have young kids.

  • > Pushing a vacuum around takes minutes, once a month,

    Wait, you vacuum your living space *once a month*? If that is indeed the case, I am not surprised you do not get the appeal. But everybody I know personally has a different understanding of cleanliness. We vacuum once a week at least and the frequency only goes up if you have kids and/or pets.

    > and is badly needed exercise for a lot of pathetic little nerd noodle-arms.

    I get the implication, hahaha. But in all seriousness, our robot vacuum was the only tech purchase that I ever made based on an explicit wish of my girlfriend.

    These things really make life easier for lots and lots of people.

Terrible writing in the article.

>It retails for around $2,000 and is roughly the size of a large terrier or a small fridge when docked at its base station.

So, large terriers, and small [presumably 'smart'] fridges can have docking stations?

Accidentally a god, a sucky kinda god, but a god nonetheless: "I command thee to make vanish the minor sins of this world, my minions"