[HN Gopher] The day my smart vacuum turned against me
___________________________________________________________________
The day my smart vacuum turned against me
Author : codetiger
Score : 187 points
Date : 2025-10-07 14:34 UTC (7 days ago)
(HTM) web link (codetiger.github.io)
(TXT) w3m dump (codetiger.github.io)
| codetiger wrote:
| Thought I was just buying a smart vacuum. Turns out, it was a
| little spy on wheels. Here's the story of how my vacuum stopped
| working after I blocked its data uploads -- and how I uncovered a
| hidden remote "kill switch."
| altairprime wrote:
| Hi, thanks for describing what you've found -- but the details
| shared aren't enough for the community to reproduce your
| findings.
|
| What hostname/s did you block? What filename prevents auto-
| reboot? What firmware version is your device? Were any
| credentials necessary to access your robot's internal syslogs?
| Was the remote always precisely 8*86400 seconds after you
| powered on the repaired model?
|
| The repository contains only the barest "how to repurpose this
| device" details with no supporting material evident for your
| post's topic, "what the OEM OS was doing", which makes the
| final paragraph either wrong or misleading. Do you have a
| timeline in mind for when that will be published to GitHub?
|
| The story is marginally interesting, but without the technical
| details, it's more "this is completely unsurprising, see also
| nearly all in-home smart devices" and less "this is novel and
| interesting". (I concur with the outrage, but outrage alone
| does not satisfy.)
| taylodl wrote:
| This reveals a whole new channel of modern warfare. Imagine a
| nation state getting control of an adversary's smart devices?
| You don't need to destroy capital-intensive infrastructure such
| as an electric grid if you can disable their ability to store and
| cook their food (internet connected ovens and refrigerators).
| That's morbidly fascinating, though I now realize I'm potentially
| open to such an attack.
| mft_ wrote:
| It struck me recently how vulnerable we are to small disruptive
| attacks of the sort you mention, and more. For example, several
| major European airports were closed recently due to
| unidentified drone activity around them. I don't know if the
| authorities have figured it out, but in theory someone could
| cripple air travel for the cost of a few anonymous drones.
| wrs wrote:
| Check out _Mr. Robot_ S2E1, where someone is terrorized by
| their hacked smart house. Or 1977's _Demon Seed_, a film
| where an AI house does worse things. I really thought the
| latter would remain fictional, but I'm less sure now.
| dylan604 wrote:
| Lots of movie plots with hacking critical infrastructure.
| Hackers controlled the ballast of a ship. Some other
| movie(s??) have taken over the flow of oil/gas at refineries.
| The entire US electrical grid is nothing but a soft target. A
| Ukrainian style sneak drone attack on enough substations would
| knock the entire country into a blackout without ever
| touching the generation plants.
| RajT88 wrote:
| Definitely stick with Mr. Robot.
|
| Unless it's Saturday Night and you're drunk. Then go for
| _Demon Seed_.
| reaperducer wrote:
| _Unless it's Saturday Night and you're drunk. Then go for
| Demon Seed._
|
| Don't give Svengoolie any ideas!
| RajT88 wrote:
| Fellow Illinoisan I see. Recording Svengoolie is one of
| the main functions of my JellyFin box.
|
| Alas, lately it's mostly been 60's and earlier, when at
| one point it was a lot of 70's-90's stuff.
| Loughla wrote:
| Yeah but Young Frankenstein? Come on. That's going to be
| good.
|
| Sven is one of the few things I miss about living in
| Chicago.
| RajT88 wrote:
| Make no mistake, I am very excited for this weekend's
| broadcast.
|
| When I am away from home for extended periods, I like to
| watch Sven to get a taste of home. It's especially nice
| for after I return from travel and want to unwind.
|
| PSA: There's full broadcasts of Svengoolie up on
| Archive.org! Some uploaded by the man himself! ETA: A lot
| more than I realized; the last ~year some fellow has been
| recording and uploading them regularly.
| reaperducer wrote:
| _Fellow Illinoisan I see._
|
| Former Illinoisan, and happy that Sven is national on the
| MeTV network.
|
| I've heard he's now in commercials with Howard Ankin,
| which seems strange since he gets thrown out of the back
| of the hearse in the middle of each show!
| nonfamous wrote:
| Cassandra, a short series on Netflix, follows similar themes
| and is quite good (as long as you speak German or don't mind
| subtitles).
| loloquwowndueo wrote:
| Go for the phones. Watch "Leave the World Behind".
| SchemaLoad wrote:
| Phones are extremely hard to hack and getting harder. The
| phone hacking companies only bother targeting an extremely
| limited set of people because once it becomes widespread, the
| whole exploit chain gets patched and you have to spend
| millions of dollars developing a new one.
|
| With ARM Memory Tagging Extension becoming common on phones
| now it's getting borderline impossible to hack them.
| Rooster61 wrote:
| My wife thought I was being crazy for not connecting our Roomba
| to wifi when we bought it. I feel quite vindicated.
| codetiger wrote:
| Lesson learnt: Best thing to do for a smart device is not
| connect them to internet from day one. Though it beats the
| purpose to some extent, we don't have an option of buying dumb
| devices anymore.
| theamk wrote:
| Well, one of the big upsides of the modern smart vacuums is
| you can see the map it built, set up rooms or zones, do a
| virtual cleaning, etc... This (1) definitely requires some
| connectivity, and (2) has to go via central server if the
| phone is not on same subnet.
|
| Sadly, because of (2), most (all?) companies don't bother
| with local connectivity at all. Much easier to debug one
| codepath (via remote server) rather than two (remote server
| and direct connection).
|
| So yeah, if you are worried about device being remote
| controlled by its manufacturer, don't buy devices which say
| "Can be remote controlled" right on the box. But of course
| then you are back to ancient tech, setting physical virtual
| wall devices or bounding the clean area with overturned
| chairs.
| dylan604 wrote:
| what exactly is a virtual cleaning? i don't think it would
| be received well if I said I virtually cleaned something
| when asked
| thfuran wrote:
| >This (1) definitely requires some connectivity, and (2)
| has to go via central server if the phone is not on same
| subnet
|
| Why couldn't that just be over Bluetooth?
| jkestner wrote:
| That was my one condition when an air fryer entered the house.
| No connecting it. When they're putting WiFi on the cheapest
| models you know it's a profit center in spite of you not paying
| for it.
| conductr wrote:
| I've been doing this a long while, but I'm finding it harder as
| more devices share my WiFi credentials with each other without
| my permission/consent/or even knowledge.
|
| I recently moved into a new home and decided to take the
| opportunity to replace everything; it's been surprising how
| many things are just coming to life. TVs, vacuums, kitchen
| appliances, etc. Some of my new TVs won't even let me use the
| microphone on the remote until I give it my WiFi password. It's
| quite ridiculous the world we're creating for ourselves.
| cptskippy wrote:
| > Some of my new TVs won't even let me use the microphone on
| the remote until I give it my WiFi password.
|
| What brand?
| mcv wrote:
| I'm amazed this is so common. I don't think any of my
| household appliances require wifi access. Our PC, laptops,
| phones, tablets and printer do, of course. I do occasionally
| check which devices are connected to my wifi, and try to keep
| track of what's what, but there are always a few mysterious
| devices I don't recognise, so I block those just to see what
| stops working.
| heresie-dabord wrote:
| > My wife thought I was being crazy
|
| The real madness is to think that data harvesting _is not
| happening_.
| theamk wrote:
| Very dramatic presentation for something very mundane. Every
| computer has "remote control" of some sort - if anything, to
| install security updates. Without security updates, there is a
| good chance your devices will turn into huge botnet at some
| point. I believe that EU CRA even requires such backchannel.
|
| I can agree, however, that refusing to work without internet is
| too much for the device which can support offline operation.
| codetiger wrote:
| Remotely triggered security updates are very common. But my
| experience in seeing remote command execution to disable a
| device is a bit concerning. Having rtty software installed is
| another nightmare. Not sure if you call all these mentioned in
| the article mundane
| theamk wrote:
| You are letting it connect to manufacturer's servers, and
| allow it to execute unknown commands. You know that one
| command, "501", disables vacuum. There is a very good chance
| that there is some other remote command with "remote exec
| random command" functionality, you just didn't see it. There
| is also a good chance that there are already commands for any
| creepy things you might want to be worried about (like send
| camera video).
|
| So, given that, why are you worried about rtty specifically?
| It's likely a redundant debugging channel in case the main
| app crashes. It does not add any special functionality that
| main app does not have.
|
| Now re "disabling the device" - I wonder what the command means?
| Could it be something like "local logs buffer full, pausing
| operation until upload is done"? Thinking about this more,
| your blog basically says:
|
| 1. vacuum works fine
|
| 2. you disable half of the ports on the firewall
|
| 3. vacuum stops working
|
| 4. you send it for warranty repair
|
| I was very surprised to see that 4 was "send it to warranty
| repair", instead of "re-open ports on firewall and see if it
| starts to work now". Did you try this? If not, then it's
| pretty likely the vacuum was not "bricked" in any sense, but
| rather was waiting forever for its logs to get uploaded.
| worik wrote:
| > Very dramatic presentation for something very mundane
|
| In what way is this mundane? The writer purchased a device, and
| after purchase the device was remotely disabled.
|
| Terrifying - that it happened is alarming but that it is now
| "mundane" is utterly chilling
| blutack wrote:
| Luckily it's supported by Valetudo so it can go back to work.
|
| https://valetudo.cloud/pages/general/supported-robots.html#i...
| altairprime wrote:
| I initially skipped this comment as sarcasm; it's not! For
| other readers, the context: Valetudo is a custom firmware
| project.
|
| > _Cloud replacement for vacuum robots enabling local-only
| operation_
| laulis wrote:
| Not a custom firmware.
| boomskats wrote:
| Custom man-in-the-middleware?
| hypfer wrote:
| Cloud replacement.
|
| Middle would imply there being another end still.
| mcv wrote:
| Local cloud running on your vacuum cleaner.
| LukeShu wrote:
| To expand on laulis' comment: Valetudo isn't a full custom-
| firmware, it's a mod for the existing firmware. You copy on
| the Valetudo daemon binary, fuss with the init scripts to
| start the daemon, and fuss with the DNS and such to point
| some domains at 127.0.0.1 to talk to that daemon instead of
| the normal servers (well, actually you probably download a
| firmware image from dustbin that already has those
| modifications applied).
|
| This is a distinction that is worth making because the robot
| is still running and relying on all of the on-robot
| proprietary code; it's just the in-cloud code that has been
| replaced.
| ghostpepper wrote:
| it's a bit of a blurry distinction because, what is
| firmware if not the software that runs on an embedded
| device? a more accurate description would be that the high-
| level operating system (HLOS) has been modified to include
| the installation of a drop-in-replacement for the cloud
| API. the client side, and whatever hardware abstraction
| layer lives below it, is untouched. so the client thinks
| it's talking to the server but it's actually talking to a
| local open-source server.
|
| I think it's also not quite correct to say the low-level
| firmware is unmodified, because with Valetudo you rely on
| the project author to provide a minimal rootkit that gets
| customized on a per-serial-number basis for the initial
| rooting.
|
| from a high-level though, it delivers what it says on the
| tin - cloud features without any requirement of packets
| leaving your network or even the robot itself.
|
| here's a talk from the author discussing his research
| https://www.youtube.com/watch?v=AfMfYOUYZvc
| switz wrote:
| I recently bought a robot vacuum, installed valetudo, installed
| tailscale _onto_ the robot itself and now I can control it from
| anywhere through my personal mesh vpn.
|
| It's pretty amazing. Valetudo is perhaps the most _opinionated_
| software I've ever used, which comes with the good and the
| bad. But overall, it works and it does what it says it will do.
|
| I don't really _need_ to access it remotely, though it has come
| in handy: when heading out of town I can turn off the scheduled
| cleans and just run it once on the day I'm returning home.
| Which is really the only functionality you would need the
| manufacturer-provided cloud connectivity for.
|
| It's been fun explaining to people that it's "declouded", but I
| can access it from anywhere. Melts non-tech peoples' brains a
| little bit.
| wrs wrote:
| The home office literally sshing into your appliance is a little
| surprising, but years ago when it came out that Tesla was doing
| this regularly to cars, I remember a lot of people saying this
| was common practice. (Maybe for things bigger than vacuums.)
| stevage wrote:
| The article is very vague on what actually caused the shutdown.
| Does he think a human triggered the kill command? Or the remote
| servers do this when they haven't heard from the device in a
| while? Or the device shuts itself down if it can't reach the
| servers?
| mindcrash wrote:
| Seemingly remote kill command, very likely punishment due to
| not receiving telemetry because that particular address was
| blocked through firewall:
|
| "2024/02/29, 14:06:55.852622 [LogKimbo][CAppSystemState] Handle
| message! cmd_id 501 RS_CTRL_REMOTE_EVENT, len 8 serialno 0"
|
| Note something being named RS_CTRL_REMOTE_EVENT
| stevage wrote:
| Yes, but automatic or manual? If automatic, what exactly was
| the trigger?
|
| I'd have been tempted to explore this further - does sending
| fake or repeated telemetry satisfy it?
| stronglikedan wrote:
| OT, but anything automatic was manually and intentionally
| implemented at some point
| conductr wrote:
| But is it malicious or innocuous? I could see just the
| assumption being made that if it hasn't phoned home it
| must be malfunctioning and as risk mitigation then force
| it to brick. It's not super unreasonable considering very
| few people will ever block the comms.
| stevage wrote:
| I think OP said it claimed to be able to work offline.
| thfuran wrote:
| How is that reasonable? What about loss of network access
| makes vacuuming less safe?
| IshKebab wrote:
| Punishment due to not receiving telemetry? Please, that's
| fantasy land stuff.
|
| It might be a malfunction _caused_ by his blocking, but the
| idea that someone in HQ was like "guys, we've got someone
| blocking telemetry!" "disable his vacuum, the bastard".
|
| Or in some design meeting they were like "what do we do if a
| handful of privacy nerds block our telemetry?" "well.. I
| guess we should automatically disable their vacuums in a
| weird way so they repeatedly send them in for repair and it
| costs us loads of money".
|
| Come on, at least _try_ to live in the real world.
| fckgw wrote:
| >"The manufacturer had the power to remotely disable devices
| and used it against me for blocking their data collection."
|
| He posits that some low-level support person triggered a remote
| "kill switch" because he dared to block some telemetry servers
| which is, frankly, ridiculous.
| Bratmon wrote:
| So what's your explanation?
| fwip wrote:
| A much simpler explanation is that the device disabled
| itself after being unable to contact the cloud servers for
| X time (probably a bug), rather than an employee sending a
| kill command over the now-disabled cloud connection.
|
| The article is obviously AI-written, and also I very much
| doubt that these conclusions were reached without a
| sycophantic AI in their ear.
| thfuran wrote:
| He didn't posit that it was a manual action, only that the
| kill command came over the network.
| plasticeagle wrote:
| Most, if not all, of the article is written by AI.
| 3pt14159 wrote:
| I downvoted you for two reasons:
|
| 1. I didn't see any obvious AI tics in the article.
|
| 2. If you want to claim that some slop is AI then please
| bring reasons. Even if they are the stuff of "there is too
| many em-dashes" then fine at least you brought something.
| nemomarx wrote:
| Top image is definitely AI, watermarked though so they're
| not hiding that.
|
| I do see a lot of em dashes throughout the opening, but at
| least one of them seems proper. "Inside, the iLife A11
| wasn't just a vacuum cleaner; it was a small computer on
| wheels." is also kind of an AI tic phrasing. And there's
| pretty heavy use of bullet points for listing things beyond
| what I would normally expect from a tech blog.
|
| (Also a lot of random lines are in block quotes for
| emphasis, but that could be a writing quirk. Kinda weird to
| read though)
|
| If you go through there's at least enough of a smell I
| suspect someone had an AI polish or edit their actual blog
| post here?
| reaperducer wrote:
| _I do see a lot of em dashes throughout the opening_
|
| Maybe he's using a Mac?
|
| Those of us who have been professional writers are quite
| comfortable with pressing |[?]-
| mcv wrote:
| The art is pretty obviously AI, though. But I didn't get
| that impression from the article.
| Zee2 wrote:
| This is AI-written.
|
| - Ten em-dashes
|
| - "not just A, but B"
|   - wasn't just a vacuum cleaner; it was a small computer on
|     wheels
|   - they didn't merely create a backdoor; they utilized it
|   - they hadn't merely incorporated a remote control feature.
|     They had used it to permanently disable my device
|
| - incessant bullet points/markdown-style formatting
|
| - And an overly dramatic/promotional tone
|
| Obviously the image is AI as well, but /shrug
| hyperhello wrote:
| I don't see why you're being downvoted.
| adastra22 wrote:
| Because using good typography and editing is not a unique
| fingerprint of AI generated content.
| astrange wrote:
| AI's habit of writing every story as a bullet-point list
| really isn't a good writing style.
| schrijver wrote:
| I don't think there's any single way to be sure, but it
| sure reads like ChatGPT to me. Which I'm not sure is such a
| bad thing--I presume the author used an AI to help them
| write the story, but the story is real. Or maybe they
| edited it themselves to make it sound more generic.
| Whatever the reason, the style takes away from my reading
| experience. It's a blog post, I expect some personality!
| samename wrote:
| Yeah, stopped reading immediately when I noticed this
| hypfer wrote:
| > That was the moment my vacuum ceased functioning. The timestamp
| matched precisely with when it had stopped working, even though I
| hadn't touched the app.
|
| > 2024/02/29, 14:06:55.852622 [LogKimbo][CAppSystemState] Handle
| message! cmd_id 501 RS_CTRL_REMOTE_EVENT, len 8 serialno 0
|
| > Someone--or something--had remotely issued a kill command.
|
| Uuuuh are you sure that you're not reading a bit too much into
| the word "REMOTE" in that logline?
|
| These are some very strong accusations and opinions that to me
| don't feel like they're being backed up with equally strong
| evidence. At least not evidence that is part of that post.
|
| What even is a RS_CTRL_REMOTE_EVENT? Did you maybe check with
| e.g. Ghidra?
| hypfer wrote:
| Having thrown one version of everest-server of _a_ CRL-200S
| firmware (which might not be the one OP's firmware is running)
| into Ghidra and having found the string, this "REMOTE CONTROL"
| to me really does not look like it's executing remote commands.
|
| I mean it does, but not like shell commands but probably IR
| remote? The CRL-200S can be controlled via an IR remote, so it
| is possible that it saw something. The sun, perhaps?
|
| Feel free to prove me wrong on this of course.
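
One way to test the reading of that log line before drawing conclusions from the word "REMOTE": parse the log, list what was handled in the minute before the failure, and count how often the same cmd_id appears at times the device kept working. This is an added example, not code from the thread, the article or the firmware. Only the final sample line is the one quoted above; the other lines, the EXAMPLE_EVENT_* names and FAILURE_TIME are constructed, and the regex assumes every relevant line has the same shape as the quoted one.

```python
"""Timeline triage for device log lines shaped like the one quoted in the thread."""
import re
from datetime import datetime, timedelta

# Matches only the line shape quoted in the thread; other shapes are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2}, \d{2}:\d{2}:\d{2}\.\d{6}) "
    r"\[(?P<logger>[^\]]+)\]\[(?P<component>[^\]]+)\] "
    r"Handle message! cmd_id (?P<cmd_id>\d+) (?P<name>\w+), "
    r"len (?P<length>\d+) serialno (?P<serialno>\d+)$"
)

# Constructed sample. Only the last line comes from the thread; the
# EXAMPLE_EVENT_* names are placeholders, not real firmware events.
SAMPLE_LOG = """\
2024/02/21, 08:00:01.000100 [LogKimbo][CAppSystemState] Handle message! cmd_id 100 EXAMPLE_EVENT_A, len 4 serialno 0
2024/02/21, 08:00:05.500000 [LogKimbo][CAppSystemState] Handle message! cmd_id 501 RS_CTRL_REMOTE_EVENT, len 8 serialno 0
2024/02/21, 08:10:00.000000 constructed line in a different shape, ignored by the parser
2024/02/29, 14:06:50.000000 [LogKimbo][CAppSystemState] Handle message! cmd_id 200 EXAMPLE_EVENT_B, len 2 serialno 0
2024/02/29, 14:06:55.852622 [LogKimbo][CAppSystemState] Handle message! cmd_id 501 RS_CTRL_REMOTE_EVENT, len 8 serialno 0
"""

# Assumed moment the owner saw the device stop (constructed for this example).
FAILURE_TIME = datetime(2024, 2, 29, 14, 6, 56)


def parse_log(text):
    """Return the recognised events as dicts, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # unknown shape: do not guess at its meaning
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d, %H:%M:%S.%f"),
            "component": m["component"],
            "cmd_id": int(m["cmd_id"]),
            "name": m["name"],
            "length": int(m["length"]),
        })
    return sorted(events, key=lambda e: e["ts"])


def window_before(events, failure_time, seconds=60):
    """Events handled in the `seconds` leading up to the failure."""
    start = failure_time - timedelta(seconds=seconds)
    return [e for e in events if start <= e["ts"] <= failure_time]


def earlier_occurrences(events, cmd_id, failure_time, seconds=60):
    """Same cmd_id seen before the failure window, i.e. while the device still worked."""
    start = failure_time - timedelta(seconds=seconds)
    return [e for e in events if e["cmd_id"] == cmd_id and e["ts"] < start]


def triage(text, failure_time, cmd_id):
    """Summarise what the log can and cannot say about cmd_id at failure_time."""
    events = parse_log(text)
    return {
        "parsed": len(events),
        "in_window": [(e["cmd_id"], e["name"])
                      for e in window_before(events, failure_time)],
        "earlier_same_cmd": len(earlier_occurrences(events, cmd_id, failure_time)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, FAILURE_TIME, 501))
```

A non-zero `earlier_same_cmd` means the event was also handled while the device kept working, so its name and timestamp alone do not establish cause.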
| kazinator wrote:
| Your room dust now is being sucked up without swirling up a
| cloud, which is well and good---yet somehow you can't write the
| story about it without AI, or host it without the cloud.
| stronglikedan wrote:
| Louis Rossman would have a field day with this.
| manithree wrote:
| Unauthorized Bread
| curtisblaine wrote:
| The "kill switch" thing is a ridiculous dramatization, but I wonder if
| these telemetry endpoints are open and, if they are, how damaging
| would be flooding them with plausible but incorrect data for a
| sustained amount of time.
| RHSeeger wrote:
| I'm surprised they didn't push back when they said it was out of
| warranty. They send it in for repair, and it was never fixed.
| They can either continue the process of trying to repair it, or
| refund the original cost of the device.
| mcv wrote:
| This kind of intentional remote bricking should be super illegal.
| I would really like to see a law that would allow the customer a
| full refund of the original purchasing price if the manufacturer
| remotely disables advertised functionality of a device for
| whatever reason. Because this kind of deceptive behaviour needs
| to be slapped down hard.
| missingcolours wrote:
| Most "smart" devices simply don't function without connectivity
| back to the manufacturer's cloud, and this is basically just
| the same thing with extra steps.
| webstrand wrote:
| It clearly doesn't need the cloud, it intentionally bricks
| itself if it can't exfiltrate its logs. It's not like it's
| sending data necessary for its immediate operation.
| thfuran wrote:
| I think the extra step should be enough to technically
| constitute hacking and destruction of property.
| ianferrel wrote:
| The author of this article:
|
| 1. Has the technical skills to disassemble this device, trace
| circuit boards, _design his own boards and custom software_ to
| interface with components to substantially reverse engineer this
| device.
|
| 2. Is _totally mystified_ when his internet connected device
| stops working after he blocks its communication, and rather than
| try unblocking it and seeing if it works again, sends it out for
| repair repeatedly.
|
| Something here doesn't add up. Tastes like bullshit to me.
| thfuran wrote:
| >I began to feel like I was losing my mind. How could a simple
| IP block disable a vacuum cleaner that is supposed to work
| offline as well?
|
| It sure sounds like they were aware of the relation, just not
| how or why one thing led to the other.
| BoredPositron wrote:
| You are right, the logical conclusion would be to send it for
| repair repeatedly.
| akerl_ wrote:
| Yea, I feel like this is the kind of thing that makes
| manufacturers resistant to open/hackable devices.
|
| I've done restrictive or invasive things to a variety of
| devices I own. But if something isn't working the way it
| should, "reset back to a clean default state and test
| again" always comes before trying to engage a warranty
| service process.
| akerl_ wrote:
| Yea; it's wild to me that they just kept sending the thing back
| for repairs.
|
| Were they even able to see what was inside the traffic they
| blocked? Or are they just assuming it's telemetry?
| varenc wrote:
| I had the same thought... and if an intentional manually sent
| kill command was sent to the vacuum to disable it, surely it'd
| be obvious that blocking its access to the internet entirely,
| not just the logging servers, would prevent this? I don't know
| why you wouldn't force it to be fully offline in the first
| place. Possible that by default that also causes it to brick
| itself.
|
| Also the very frequent use of `--` gives me ChatGPT vibes, but
| may just be for editing or a personal style. Still enjoyed
| reading it.
| metalcrow wrote:
| This also really looks like a ChatGPT written article. Lot of
| keywords and specific phrases to that effect. It might be
| totally made up
| pinkmuffinere wrote:
| Just meaning this as feedback -- I hate these kinds of
| comments. Unless there is something concretely failing that
| you can point out, it's not very useful to say "it seems like
| chatgpt". I hate inaccurate articles as much as the next
| person, but "seems like chatgpt" is a criticism that can be
| lobbied at _every article_, and therefore loses value. For
| instance, I could very well claim that your comment looks
| like it's written by ChatGPT, and thus should be disregarded.
| And you could claim the same about this comment.
| Gabrys1 wrote:
| My guess would be that the manufacturer didn't remotely block the
| device, but rather the device itself did.
|
| If last connection time < N days ago and last M tries connecting
| were unsuccessful, then: brick myself.
|
| Still shitty, no doubt (and very similar to planned
| obsolescence), but the customer can un-brick by resetting to
| factory like they did in the service center.
___________________________________________________________________
(page generated 2025-10-14 23:00 UTC)