One man's robot vacuum was constantly communicating with its manufacturer, sending a detailed 3D map of his house halfway across the world.
  • Regna@lemmy.worldEnglish
    2161·
    2 months ago

    At first I thought ”Well, duh!”, but the manufacturer having a remote kill switch when he network blocked his vacuum from sharing his home map data with them, as well as unprotected root access when connecting to the vacuum… urgh.

    The engineer says he stopped the device from broadcasting data, though kept the other network traffic — like firmware updates — running like usual. The vacuum kept cleaning for a few days after, until early one morning when it refused to boot up.

    After reverse engineering the vacuum, a painstaking process which included reprinting the devices’ circuit boards and testing its sensors, he found something horrifying: Android Debug Bridge, a program for installing and debugging apps on devices, was “wide open” to the world. “In seconds, I had full root access. No hacks, no exploits. Just plug and play,” Narayanan said.

    • justsomeguy@lemmy.worldEnglish
      1041·
      2 months ago

      All crappy IoT devices ever made. They aren’t used in bot nets all the time because hackers like the challenge of hacking them so much. Security simply isn’t a priority.

      • KazuyaDarklight@lemmy.worldEnglish
        69·
        2 months ago

        Tend to agree, security is always the goal but if someone is in my house hacking my vacuum, I have bigger issues. The no-notice remote kill is the bigger issue to me.

        • subignition@fedia.io
          10·
          2 months ago

          The much bigger concern is that the pathway used to send the remote kill command could very easily be utilized by nefarious actors.

        • Riskable@programming.devEnglish
          34·
          2 months ago

          NO! It’syour device, you should have root! The fact that the manufacturer gives their product owners root is a good thing, not bad!

          I will die on this fucking hill.