Hacked Robot Vacuums Across the U.S. Started Yelling Slurs - https://news.ycombinator.com/item?id=41815055 - Oct 2024 (1 comment)
Robot Vacuums Hacked to Shout Slurs at Their Owners - https://news.ycombinator.com/item?id=41812546 - Oct 2024 (1 comment)
Insecure Deebot robot vacuums collect photos and audio to train AI - https://news.ycombinator.com/item?id=41753983 - Oct 2024 (37 comments)
ABC News hacks into popular robot vacuum, watches owner through camera - https://news.ycombinator.com/item?id=41735871 - Oct 2024 (138 comments)
It's almost like you shouldn't connect random ass appliances to the internet.
My ancient roombas clean just fine with no cameras, internet, or AI nonsense.
Yep, I was gonna say exactly the same thing. Don’t connect it to the internet, just don’t do it.
God bless these teenage degenerates and their endlessly creative fuckery. They bring more color to the world.
More importantly, they are raising consciousness of fundamental problems that can lead to very damaging consequences by doing cheap pranks with trivial consequences.
Yeah these security holes they exposed were huge! I hope the company gets sued.
Lulz are a really cheap bounty program and a lot of kids value the opportunity to be a shitass way more than money.
... for invading someone's privacy and screaming racist obscenities in their home? i vehemently disagree.
I use a robot vacuum not connected to the internet. It has a remote and the same settings as an internet connected robot vacuum such as radial pattern, along edges, spot clean, etc. I hope it spurs people to consider these kinds of tools that don’t need to be connected to the internet to function over tools that don’t have a local/offline mode.
this whole subthread is upsetting. horrifying to see HN glorify the antagonist. the family was made to feel unsafe in their own home. yes, the manufacturer was negligent but that does not make it okay, it just means multiple parties are at fault. don't spin roomba terrorists as do-gooders. this teenage hacker was spreading hate and fear.
Consider the alternatives. Anyone else exploiting such a vulnerability would have worse intentions.
Perhaps, but it is possible to be a merry prankster and not use it as a way to spread hatred.
> Perhaps, but it is possible to be a merry prankster and not use it as a way to spread hatred.
Not as a way to spread hatred, no. As a way to spread love, uploading your naked pictures/videos on porn sites. /s
Getting racist slurs yelled at me by my robot vacuum is arguably the best outcome imaginable if someone hacked it.
> ... for invading someone's privacy and screaming racist obscenities in their home? i vehemently disagree.
"someone's privacy" was already raped by the company selling the product. If a random kid can see in your house, everybody can see.
"I have nothing to hide" I suppose. /s
My Roborock has a three button combination you have to press on the bot to enable remote viewing. I suppose once you do that all bets are off. But at least it requires access to the hardware and is off by default. Better if you could configure it to disable again after each use or periodically.
I'd really want this feature to keep an eye on my pets if I work away from home again. I could see buying a bot just for that.
How do you know those buttons go to hardwired switches rather than being controlled by software that could be remotely hacked?
My thought exactly.
My pup would be tormented by the vacuum following it around while I'm not there. She gets freaked out enough by a stationary PTZ camera on my bookshelf.
Related: Insecure Deebot robot vacuums collect photos and audio to train AI (82 points, 15 days ago, 37 comments) https://news.ycombinator.com/item?id=41753983
Maybe the fact it shows how these devices can spy might educate people on what IoT's are doing all day every day in their homes and around their kids. Would this be considered hacktivism?
I'm half curious if they got some of the idea from Michael Reeves [1].
[1] - https://www.youtube.com/watch?v=mvz3LRK263E [video][11 mins][language, wear headphones maybe]
I’m immediately envisioning the Watch Dogs 2 “jumper” bot.
https://youtu.be/f5oKFufx2Z0?si=xGMEkAMZRgIqJuH_
Put Valetudo on it - https://valetudo.cloud/
Robot incompatible? That’d be a hard pass…
This looks great. Hard to find used robots it supports.
Uhm, Valetudo supports 35 different robots: https://valetudo.cloud/pages/general/supported-robots.html
Maybe not the model you’re looking for, but saying that you’re unable to find used, supported robots?
I was almost starting to think hacking had gotten too professional and commercialized for script kiddies to exist.
If anything, I'd expect it to proliferate with the easy access to GitHub and now LLMs. When I was a script kiddie we had to find tools on various forums attached as a .zip/.tgz and hope the supplied .exe/bin wasn't a virus. :)
These darn things don't need to be "cloud enabled", or even wifi. Please make them Bluetooth, etc only.
These dopey use cases of needing to trigger a cleaning while miles away have always seemed like a stretch.
Right. But the actual use case of being able to sell your home's floorplan and general cleaning schedule/behaviors/etc to advertisers requires cloud functionality, so you need some fig leaf to cover up the requirement...
I agree, local only would be great. But that's not aligned with the "sell a product once, sell the data collected forever!" model that most modern consumer tech products operate on.
Even if they're Bluetooth-only: AdTech will invent some way to send Ethernet packets over it, sooner than you might expect.
Maybe a step further for privacy: a physical "config mode" toggle on top of the vacuum that enables the Bluetooth radio for a point-to-point connection with the phone app, then toggle it back when you're done. Wouldn't prevent the vacuum from caching data during its work and sending it when in config mode though, I suppose.