An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
If I don’t own it 100% then reimburse me if you disable it.
Say it with me. If buying doesnt mean 100% ownership…
then they will buy it
what…? how much money did that Roomba cost for him to spend that much time and effort on recoding it?!
First, it isn’t a roomba, second it says in the article how much it cost, third some people have hobbies and sometimes those hobbies are tinkering, dismantling and hacking things they supposedly own and that sometimes leads to revelations like this. Hope that helps.
He did it for the greater good. Clearly he’ll never be a politician with that level of integrity.
The fact that this isn’t considered outright fraud is disturbing. This person OWNS the device, yes? They’re not leasing it.
FFS, this should be illegal.
I agree with you that this should be illegal. I expect this was in the terms of service, though. Since we have no laws restricting this kind of bullshit, the company can argue that they’re within their rights.
We need some real legislation around privacy. It’s never going to happen, but it needs to. We need a right to anonymity but that is too scary for advertisers and our police state.
Terms of service need to stop being treated like law.
They’re not law as long as you can afford the lawyers and legal costs to fight them. Which is, of course, the problem and the system working as designed.
I expect this was in the terms of service, though
While I expect the same, there’s also just a reasonablility standard. If Meta and Google updated their TOS to say that users agreed to become human chattle slaves to mine cobalt and forfeit their rights, no court (…right, SCOTUS?..right?) would uphold that. A TOS is a contract, but it’s mostly for the protection of companies from liability. Takign active steps to brick someone’s device over the device not connecting to it’s C2 server (the company had zero evidence this was done intentionally and a router firewall misconfiguration could just have easily done the same thing), is IMO something that should result in a lawsuit.
Just because something’s written in the terms of service, doesn’t mean it’s legal.
Thats why any good terms of service have clauses that say if any part of this is deemed unenforceable or not legal or whatever, the rest of the terms remain intact, as I guess at some point in time, people were getting entire documents thrown out based off 1 thing.
There needs to be a huge neon orange warning on the Front of these products that explains, clearly, that you don’t own it, your privacy will be invaded and the company can disable it at anytime. This will stop people from buying this garbage, and hopefully companies will stop if they want our money.
My life rule is, if it says Smart on it, it’s never going to be smart. It will always cause trouble.
IMO “Smart” refers to the lawyers that got paid to write a 900-page TOS that lets a company do whatever they want.
No that’s called “smarmy”.
Stalkerware is criminal digital slavery. It is sale and ownership of a part of a person to manipulate and exploit them.
I think your comparison to slavery is a bit overblown and minimizes the tragedy of actual slavery. But I agree with the sentiment.
Having not read the article: “Let’s apply Hanlon’s Razor: Oh, probably it just collects the data locally and caches it until the vendor’s servers are reachable. After a while the data partition was full and it stopped working as this case was never deemed possible when this was developed.”
Having read that the kill command was logged and he found it in the logs: “ok, there are no technical details, so there might still be a misunderstanding, but that’s not what I expected!”
Why talk if you don’t know what you’re talking about? If you didn’t read the article whatever you say is irrelevant.
Why talk if you haven’t read the comment you replied to until the end?
As a layman, can someone explain what the ramifications of smart devices sharing your data is. I know it’s bad, but I don’t understand why it’s bad and how it’s used against you.
One aspect to consider is exactly what data these devices are exfiltrating from your network. You usually can’t see the contents of the telemetry sent, but given that a LOT of smart devices have cameras and/or microphones, do you really trust that your IoT devices are not sending back audio and or video recordings of the inside of your house?
I’m sure theres more than a few programmers here that secretly work on crap like this at work.
Email me the blueprints to your house, your address, name, and your favorite hobbies and I will tell you the answer.
A detailed room-mapping scan is basically a wealth report disguised as vacuum telemetry: square footage, room count, layout complexity, “bonus” spaces like offices or nurserie; all of it feeds straight into socioeconomic profiling. And once companies have that floor plan, they’re not just storing it; they’re monetizing it, feeding it into ad networks, data brokers, and pricing algorithms that adjust what you see (=and what you pay) based on the shape of your living space.
And a mapped floor plan also quietly exposes who lives in the home, how they move, and what can be inferred from that.
If they brick your device for wanting privacy, why should you trust them?
You might get some snarky comments, but the way I envision it is that the fuller of a picture companies can get of you (when you’re running a vacuum, when you’re driving, when your lights are on and off, etc.) the more data they have to try and run predictive analytics on your behavior and that can be used in a variety of ways that may or may not benefit you. At this point it’s mostly just to get you to buy things they think you’ll buy, but what happens when your profile starts to match up with someone who commits crimes? Maybe you get harassed by the authorities a little more often? Generally the lack of consent around how the data is collected and how it’s used is the problem most people have.
There’s something not working in this article.
They say it “makes sense” for the device to basically send the plan of your home to some online server, because the vacuum is not powerful enough to process this data on its own. This is already a bit horrifying to me, but okay.
And then when that guy blocked it out, the vacuum “worked for a while” before something sent the kill command through an update.
How come is it still working at all if navigation requires that server?
Most services today have user accounts so they can store your information, that way if you get a new phone for example, you can just sign into a new device and your content is there. So the maps, your configurations etc, are all sent to a remote server so it just works.
Having to manually connect to the robot each time, when you might not even be in the same country when you want to connect, doesn’t work if it’s all done locally.
Companies that want to offer connected services like this but are privacy centric could let you encrypt it before sending it so they can’t see what the contents are, but then you need to manage the idiot populace and their inability to properly secure this kind of information. Then, you start getting all sorts of support calls like I lost the encryption key and now I can’t access my map! What kind of stupid service makes me remap things when I change phones and forget something!?
So there’s no really getting around sending some data back to the server, but even IF they have it unencrypted, there’s no reason other than corporate profit taking to also be using that data. They don’t have to, but they will and do.
It’s not the navigation that requires the server but the processing of the mapping data.
Which in itself is BS because most of these vacuums come with hardware roughly equivalent of a top of the line smartphone from about 5-6 years ago. They can easily do the raw data to map conversion, even if it’s a bit slow and takes 20-30 seconds.
Also if you read the article it specifies that the damn thing is already running Google Cartographer which is a SLAM 3D map builder software - one of the better pro-grade mapping software suites, mind you. So the whole claim of cloud needed for processing is BS.
My VR headset can create pretty accurate 3D maps of my environment like nothing, and it only uses cameras to do so, so I can imagine it’s doable.
Then, yeah, it doesn’t “make sense” for that thing to externalize that.
It’s not that it’s impossible, but it requires effort, skill, and time. Instead of hiring a bunch of programmers who would make it run on the device locally, you can just throw the same amount of money at Amazon and it will run whatever unoptimised version of the renderer you stole on some random Chinese forum. As a bonus, you got to enrich a multibillionaire and make a world slightly worse place, which is a second and third priority of every CEO after getting money.
[email protected] -ahh title
My robot vac will only operate when connected to the Internet so it’s only allowed to communicate when actually in use. As soon as it returns to the charger Internet access is automatically blocked.
Unfortunately the manufacturer has deliberately made this as inconvenient as possible. If communication is blocked for more than a few hours the vacuum loses all maps and will no longer even load saved maps from the Tuya app. To use it the vac must be powered down and the app killed. Only then can a saved map be restored.
It’s too bad it’s so useful.
Name and shame.
from the Tuya app.
it’s only allowed to communicate when actually in use.
What’s the point? The manufacturer is interested in the map of your apartment and usage statistics. What do you think it’s sending when not in use? Does it have a microphone or something?
Since I haven’t pulled it apart or tried to decrypt the ssl traffic I have no idea whether it has “a microphone or something.” That’s the point.
Keeping it offline some of the time isn’t effective against passive data collection unless you’re willing to take the inconvenient step of factory-resetting it each time you’re about to use it. Anything it collects it can just hold onto until it next gets the chance to upload.
SmartTVs will hold onto your data as long as they have storage, even through a factory reset. So if you sell it and the next person hooks it up to the Internet then the data is uploaded.
I know it can be done, so it wouldn’t shock me at all to find out that it does happen, but do you know of any manufacturers who have been proven to do this?
SSL bold of you to assume that
Had a kill command actually been sent, or does the device just not work without a remote server talking to it every so often?
Because the second one is probably worse from a “what if this company goes bust” standpoint.
Man itd be great if there was an answer to this. Maybe in an article somewhere. Guess we’ll never know.
Not to fear! Here is the relevant part so the next person coming by doesn’t have to read the article:
deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.
(Image credit: Harishankar)
So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn’t communicate with the manufacturer’s servers. Since he blocked the appliance’s data collection capabilities, its maker decided to just kill it altogether. "Someone—or something—had remotely issued a kill command,” says Harishankar. “Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”
it was bricked remotely because it couldn’t communicate with the manufacturer’s servers.
That bit seems inaccurate… if it couldn’t communicate it wasn’t bricked remotely… it was more like digital seppuku.
Earlier in the article he says that he only disabled some of the network connections but he left open the ones for firmware updates and stuff so to me it’s not impossible that it was able to receive remote commands although I would certainly want to see more technical details to satisfy my curiosity.
The article says in words that it was a remote command. But again, we don’t have any details supporting that description. So maybe the journalist got it wrong.
I would certainly want to see more technical details
Certainly. By default most home networks block incoming traffic but then again if the’s the tinkerer type his network will most likely not be default.
This is something I’ve never understood about firewalls. If the vacuum cleaner is uploading and downloading stuff from https://somecorpo.net/, what stops it from listening for remote commands on that same connwction?
Don’t worry, the quality of the modern hardware is so shitty, it will not outlive the company for long
Yeah, mine has it. I have to go into the app once a week and manually delete it.
Smart vaccuum that needs an app to use. Are we really this stupid, everyone?
Hello friend.
This seems like a good time to inform you that you have the option to communicate in such a way that you don’t make yourself look like an asshole.
As useful a smart device are, it’s very annoying that the company behind it are always either: 1) a scumbag that will collect data and will lockdown the device if people doesn’t use it their way; 2)incompetent idiots that can’t make a good software to save their life. So by using these device you basically have to pick the thing that you’re willing to lose.
It’s really too bad because robovac save me a lot of time and mental exhaustion.
I specifically got one which can run valetudo and it works great for over two years now. Without sending images of my flat to china or the us
I have just purchased a Dreame L10s Ultra and have had the PCB for a breakout board made and components for setting it up ordered. In a few days I should get the last bits and I will be able to root the device and have it connect to Valetudo managed through Home Assistant. Fully local operation with basically the same features but none of the privacy issues. As soon as I can get it connected I will be able to use it just like a robot I actually own should without some random third party being involved in every single operation.
