Forget your phone spying on you — maybe it’s your vacuum you should really be worried about.
In a post on his blog Small World, the computer programmer and electronics enthusiast Harishankar Narayanan detailed a startling find he made about his $300 smart vacuum: it was transmitting intimate data out of his home.
Narayanan had been letting his iLife A11 smart vacuum — a popular gadget that’s gained mainstream media coverage — do its thing for about a year, before he became curious about its inner workings.
“I’m a bit paranoid — the good kind of paranoid,” he wrote. “So, I decided to monitor its network traffic, as I would with any so-called smart device.” Within minutes, he discovered a “steady stream” of data being sent to servers “halfway across the world.”
“My robot vacuum was constantly communicating with its manufacturer, transmitting logs and telemetry that I had never consented to share,” Narayanan wrote. “That’s when I made my first mistake: I decided to stop it.”
The engineer says he stopped the device from broadcasting data, though kept the other network traffic — like firmware updates — running like usual. The vacuum kept cleaning for a few days after, until early one morning when it refused to boot up.
“I sent it for repair. The service center assured me, ‘It works perfectly here, sir,’” he wrote. “They sent it back, and — miraculously — it worked again for a few days. Then, it died once more.” Narayanan would repeat this process several times, until eventually the service center refused any more work, saying the device was no long in warranty.
“Just like that, my $300 smart vacuum transformed into a mere paperweight,” the techie wrote.
Seemingly more curious than ever, Narayanan now had no reason not to tear the thing apart looking for answers, which is exactly what he did. After reverse engineering the vacuum, a painstaking process which included reprinting the devices’ circuit boards and testing its sensors, he found something horrifying: Android Debug Bridge, a program for installing and debugging apps on devices, was “wide open” to the world.
“In seconds, I had full root access. No hacks, no exploits. Just plug and play,” Narayanan said.
Through a process of trial and error, he was eventually able to connect to the vacuum’s system from his computer. That’s when he discovered a “bigger surprise.” The device was running Google Cartographer, an open-source program designed to create a 3D map of his home, data which the gadget was transmitting back to its parent company.
In addition, Narayanan says he uncovered a suspicious line of code broadcasted from the company to the vacuum, timestamped to the exact moment it stopped working. “Someone — or something — had remotely issued a kill command,” he wrote.
“I reversed the script change and rebooted the device,” he wrote. “It came back to life instantly. They hadn’t merely incorporated a remote control feature. They had used it to permanently disable my device.”
In short, he said, the company that made the device had “the power to remotely disable devices, and used it against me for blocking their data collection… Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”
Narayanan warns that “dozens of smart vacuums” are likely operating similar systems. “Our homes are filled with cameras, microphones, and mobile sensors connected to companies we barely know, all capable of being weaponized with a single line of code,” he wrote.
At the end of the day, it’s a stark reminder that for-profit tech often comes at a hidden cost — and one that doesn’t end after you pay at the register.
More on networks: Alarming New System Can Identify People Through Walls Using Wi-Fi Signal
First Appeared on 
Source link 

 
								 
								 
								 
								 
                     
                     
                     
                    
 
				 
				 
            