[HN Gopher] Robot vacuum cleaners hacked to spy on, insult owners
___________________________________________________________________
Robot vacuum cleaners hacked to spy on, insult owners
Author : hampelm
Score : 36 points
Date : 2024-10-21 17:44 UTC (5 hours ago)
(HTM) web link (www.malwarebytes.com)
(TXT) w3m dump (www.malwarebytes.com)
| LinuxBender wrote:
| Maybe the fact it shows how these devices can spy might educate
| people on what IoTs are doing all day every day in their homes
| and around their kids. Would this be considered hacktivism?
|
| I'm half curious if they got some of the idea from Michael Reeves
| [1].
|
| [1] - https://www.youtube.com/watch?v=mvz3LRK263E [video][11
| mins][language, wear headphones maybe]
| delichon wrote:
| My Roborock has a three button combination you have to press on
| the bot to enable remote viewing. I suppose once you do that all
| bets are off. But at least it requires access to the hardware and
| is off by default. Better if you could configure it to disable
| again after each use or periodically.
|
| I'd really want this feature to keep an eye on my pets if I work
| away from home again. I could see buying a bot just for that.
| joe_the_user wrote:
| How do you know those buttons go to hardwired switches rather
| than being controlled by software that could be remotely
| hacked?
| amelius wrote:
| My thought exactly.
| iAMkenough wrote:
| My pup would be tormented by the vacuum following it around
| while I'm not there. She gets freaked out enough by a
| stationary PTZ camera on my bookshelf.
| gnabgib wrote:
| Related _Insecure Deebot robot vacuums collect photos and audio
| to train AI_ (82 points, 15 days ago, 37 comments)
| https://news.ycombinator.com/item?id=41753983
| gedy wrote:
| These darn things don't need to be "cloud enabled", or even wifi.
| Please make them Bluetooth, etc only.
|
| These dopey use cases of needing to trigger a cleaning while
| miles away have always seemed like a stretch.
| Syonyk wrote:
| Right. But the _actual_ use case of being able to sell your
| home's floorplan and general cleaning schedule/behaviors/etc
| to advertisers requires cloud functionality, so you need some
| fig leaf to cover up the requirement...
|
| I agree, local only would be great. But that's not aligned with
| the "sell a product once, sell the data collected forever!"
| model that most modern consumer tech products operate on.
| amelius wrote:
| Even if they're Bluetooth-only: AdTech will invent some way to
| send Ethernet packets over it, sooner than you might expect.
| accrual wrote:
| Maybe a step further for privacy: a physical "config mode"
| toggle on top of the vacuum that enables the Bluetooth radio
| for a point-to-point connection with the phone app, then
| toggle it back when you're done. Wouldn't prevent the vacuum
| from caching data during its work and sending it when in
| config mode though, I suppose.
| deepfriedchokes wrote:
| God bless these teenage degenerates and their endlessly creative
| fuckery. They bring more color to the world.
| woodrowbarlow wrote:
| ... for invading someone's privacy and screaming racist
| obscenities in their home? i vehemently disagree.
| Rygian wrote:
| Consider the alternatives. Anyone else exploiting such a
| vulnerability would have worse intentions.
| mordechai9000 wrote:
| Perhaps, but it is possible to be a merry prankster and not
| use it as a way to spread hatred.
| guestbest wrote:
| I use a robot vacuum not connected to the internet. It has a
| remote and the same settings as an internet connected robot
| vacuum such as radial pattern, along edges, spot clean, etc.
| I hope it spurs people to consider these kinds of tools that
| don't need to be connected to the internet to function over
| tools that don't have a local/offline mode.
| beAbU wrote:
| Getting racist slurs yelled at me by my robot vacuum is
| arguably the _best_ outcome imaginable if someone hacked it.
| marcosdumay wrote:
| More importantly, they are raising consciousness of fundamental
| problems that can lead to very damaging consequences by doing
| cheap pranks with trivial consequences.
| deepfriedchokes wrote:
| Yeah these security holes they exposed were huge! I hope the
| company gets sued.
|
| Lulz are a really cheap bounty program and a lot of kids
| value the opportunity to be a shitass way more than money.
| qmr wrote:
| It's almost like you shouldn't connect random ass appliances to
| the internet.
|
| My ancient roombas clean just fine with no cameras, internet, or
| AI nonsense.
| badgersnake wrote:
| Yep, I was gonna say exactly the same thing. Don't connect it
| to the internet, just don't do it.
| dijit wrote:
| I'm immediately envisioning the watch dogs 2 "jumper" bot.
|
| https://youtu.be/f5oKFufx2Z0?si=xGMEkAMZRgIqJuH_
| jowea wrote:
| I was almost starting to think hacking had gotten too
| professional and commercialized for script kiddies to exist.
| accrual wrote:
| If anything, I'd expect it to proliferate with the easy access
| to GitHub and now LLMs. When I was a script kiddie we had to
| find tools on various forums attached as a .zip/.tgz and hope
| the supplied .exe/bin wasn't a virus. :)
| moepstar wrote:
| Put Valetudo on it - https://valetudo.cloud/
|
| Robot incompatible? That'd be a hard pass...
| dang wrote:
| _Hacked Robot Vacuums Across the U.S. Started Yelling Slurs_ -
| https://news.ycombinator.com/item?id=41815055 - Oct 2024 (1
| comment)
|
| _Robot Vacuums Hacked to Shout Slurs at Their Owners_ -
| https://news.ycombinator.com/item?id=41812546 - Oct 2024 (1
| comment)
|
| _Insecure Deebot robot vacuums collect photos and audio to train
| AI_ - https://news.ycombinator.com/item?id=41753983 - Oct 2024
| (37 comments)
|
| _ABC News hacks into popular robot vacuum, watches owner through
| camera_ - https://news.ycombinator.com/item?id=41735871 - Oct
| 2024 (138 comments)
___________________________________________________________________
(page generated 2024-10-21 23:02 UTC)