He’s going to have a heart attack to find out that the floor plan to most houses are available online and have been for a long time.
Since I dont see it mentioned, the company is
iLife
iLife makes vacuums that map your house and can be remote controlled
Just so we are clear. You should all up your name and shame game.
For real. It’s wild how often people don’t just straight up call out bad corps.
Oh crap. I had one. It committed suicide off the stairs
All modern robot vacuums do this. Amazon and Zillow actually buy that data too.
o7 thank you for your service
I mean, UCSC researchers used WiFi to detect a human heartbeat.
Sheeesh, his fucking mobile phone mapped and photographed his house long ago.
I picture the phone doing it the way it was done in The Dark Knight. That scene when Lucius Fox was in China and had to volunteer a phone to security.
I wasn’t aware about this with regards to mobile phone tbf. I know you are spied upon on your phone camera, but mapping the house with the phone? Do you mean like Dark Knight stuff?
These arricles are meant to be rage bait for the techno-illiterate. As you said, cell phones mapped your house long ago as well as your smart TV, or any appliance that requires an internet connection.
People traded in their privacy for convenience.
+1 Indeed!
In addition, Narayanan says he uncovered a suspicious line of code broadcasted from the company to the vacuum, timestamped to the exact moment it stopped working. “Someone — or something — had remotely issued a kill command,” he wrote.
“I reversed the script change and rebooted the device,” he wrote. “It came back to life instantly. They hadn’t merely incorporated a remote control feature. They had used it to permanently disable my device.”
In short, he said, the company that made the device had “the power to remotely disable devices, and used it against me for blocking their data collection… Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”
They kill switched it remotely. Yikes.
All IoT devices do this to keep you from blocking their data collection. They won’t work reliably without a regular ping home. They lock up if they can’t phone home frequently enough.
More likely it killed itself after not being in contact with home base. Since it worked fine elsewhere
Couldn’t someone just google the photos of the house that the realtor took and then compile a map? 🤔
I don’t understand why these devices need an internet connection?
Some of these connect to a smartphone App through Wi-Fi. Connecting to internet and uploading stuff are not shown to the owner but might happen in the background.
We need bluetooth devices back, there’s no reason for 99.999999% of devices to have your network password.
Seriously, MQTT on your home server or router or whatever and let things talk to eachother THERE. Keep the conversation INSIDE the LAN. This cloud shit is all about building expensive, unnesscarry dependencies.
Exactly. Local connection. Why the fuck does it need access to some server somewhere? I am sorry… but if they have updates for their shit available they need different ways of making it available.
Also why the fuck does the company need audio recordings from your home? That is literally spy shit. And why does it need the layout? Even if they were doing it purely to improve their products and make them be able to work around confusing layouts and obstacles then that shit needs your full knowledge and consent… and you can withdraw consent at any time for any reason.
I am too tired to rant further.
100% agree.
Unless they artifically bloat their patch/update file sizes, I’d imagine sending it through your phone to the device over bluetooth would work fine.
I’d even, personally, prefer they use a wifi link directly between my phone and the device while it updates before I give it free access to my lan.
For a robot vacuum, wi-fi works best because you should be able to leave the phone in one room while the bot goes clean all the other ones. Bluetooth needs line of sight.
Never used a robot vacuum, but the idea is that you set it up once and never think about it, right?
So you’d set it up once with bluetooth, then disconnect and let it do its job.
Software updates could cause issues, though if they release a finished product it wouldn’t need any or much of those if it works for you already. And updates can be managed over bluetooth.
To upload a map of your home duh
“secret”. Sweet summer child, you’ve been mapped down to your quarks for decades, and building plans have been at Town Hall since… Louis XIV?
It reminds me of when Google added everyone’s phone numbers to search. Everyone freaked out. “What do you mean anyone can find my number?!” And this is back when phone books were ubiquitous.
It’s pointless now as anyone actually making a call (scammers) buys numbers from providers or other thieves. But it’s really interesting how publicly available data being more publicity available can be scary.
I bought a $300 fake Roomba thing. It was on clearance.
And i fought against it for years. But ended it up coming in clutch for a lot of reasons.
It did not have an app, just a IR controller. Its pretty dumb. It bumps into everything. It gets stuck under things. I sometimes have to create a maze so it cleans a specific spot.
Its been a habit of mines to avoid anything with an app that requires internet access. But the product lines are shrinking, and I know at some point, if I want a Roomba, I’ll need to invite always-on AI or whatever.
You can have the best of both worlds. There’s a lot of smart home stuff that isn’t owned by a corporation. For vacuums, Valetudo is amazing and fun to set up, if not a little nerve wracking risking bricking your expensive appliance.
There’s some models that work with Matter and a local home server. There’s also a couple you can flash with open source software to keep it all local.
For those interested, there are some vacuum models listed on this project: https://valetudo.cloud/
It can get technical (since they want people to learn), but the documentation is pretty detailed.
Such a boring dystopia :/
I don’t care if they map my house, just give me raw access to the data. Them having access to the speaker and mic, i’m more concerned about.
or…just buy a vacuum cleaner and vacuum your house? you don’t need smart devices for everything.
Robot vacuum is like the best thing we have invented in the last 10 years
I just use a vacuum or a broom. Cheaper, cheaper to replace, and free exercise
Vacuuming your place while you go get groceries is pretty nice, according to my late mother. And her favorite feature was: the thing easily fit under the bed, so she didn’t have to remind herself she was not as spry as she used to be.
Sorry life is busy If you have responsibilities, that’s why you live like me and just retire early on social assistance.
I know very well why I installed valetudo before I even started my new vac for the first time 😁
At first I thought ”Well, duh!”, but the manufacturer having a remote kill switch when he network blocked his vacuum from sharing his home map data with them, as well as unprotected root access when connecting to the vacuum… urgh.
The engineer says he stopped the device from broadcasting data, though kept the other network traffic — like firmware updates — running like usual. The vacuum kept cleaning for a few days after, until early one morning when it refused to boot up.
After reverse engineering the vacuum, a painstaking process which included reprinting the devices’ circuit boards and testing its sensors, he found something horrifying: Android Debug Bridge, a program for installing and debugging apps on devices, was “wide open” to the world. “In seconds, I had full root access. No hacks, no exploits. Just plug and play,” Narayanan said.
A few years ago I noticed an annoyance with a soundbar I had. After allowing it onto my WiFi network so we could stream music to it, it still broadcast the setup WiFi network.
While dorking around one day, I ran a port scan on my network and the soundbar reported port 22 (ssh) was open. I was able to log in as root and no password.
After a moment of “huh, that’s terrible security.” I connected to the (publicly open) setup network, ssh’d in, and copied the wpa_supplicant.conf file from the device to verify it had my WiFi info available to anyone with at least my mediocre skill level. I then factory reset the device, never to entrust it with any credentials again.Name and shame, what make and model was it?
All crappy IoT devices ever made. They aren’t used in bot nets all the time because hackers like the challenge of hacking them so much. Security simply isn’t a priority.
The ‘S’ on IoT stands for security!
There isn’t an s in IoT silly.
Woosh? Either Yours or mine :)
I keep seeing you everywhere and the only reason I won’t block you is because of your username brightening my day every time I see it. Curse you!
When that is the light in your day…
Is it just me, or is having ADB exposed physically not that big a deal?
Tend to agree, security is always the goal but if someone is in my house hacking my vacuum, I have bigger issues. The no-notice remote kill is the bigger issue to me.
The much bigger concern is that the pathway used to send the remote kill command could very easily be utilized by nefarious actors.
To do what, wear out one section of carpet faster than the rest of your house?
If a hacker can get into the device remotely it can be an entry point to your home network.
Remote “kill”
Where does it end? First it wears down your carpets and then we’re in Maximum Overdrive.
It finds a sharp corner to rub against and hones itself into a stabby bot.
It is not good. But in most cases just adb doesnt grand root access. That’s just bad.
NO! It’syour device, you should have root! The fact that the manufacturer gives their product owners root is a good thing, not bad!
I will die on this fucking hill.
I agree with you. But granting root straight from adb with 0 auth is not good.
yes and no… i agree with the sentiment, but with root you can extract wifi credentials and various other secrets… you shouldn’t be able to get these things even when you have physical access to the device… the root access itself isn’t the problem
Well, yes, that’s what those cheap “smart” devices do. Or does anyone think cheap smart would fit into that device? Rule of thumb: if a device needs internet access, it is spying on you.
!homeassistant@lemmy.world on a isolated vLAN is my goal for “Smart” devices.
Yes, but some devices simply don’t work without calling home, or have 99% of their brain in a cloud. For those cases, the vLAN does not help.
There’s a version of every device that doesn’t phone home. I switched to HomeAssistant a couple years ago now, and I think all of my stuff is finally local as of a few months ago, including my robot vacuum.
valetudo.cloud/
Then don’t buy those devices. If you have any excuse as to why you “can’t do that”, then there’s zero point in complaining. I’m not saying your complaints are invalid, and companies should be held accountable and criticised. But as long as people buy privacy violating products, companies will continue to violate privacy.
Very valid and true point, but that requires companies to openly admit that they’ve made their devices to not work if it can’t phone home, and no company is gonna do that. At best, they’ll tell you it needs internet access, but even then they’ll probably downplay it.
Either that or some poor sacrifice will have to be the guinea pig and buy the thing to test it and tell others. Ah, I guess Consumer Reports could do that at least.
Thankfully there are groups to replace boards or flash some devices. I need to keep better bookmarks to plug them.
