For those with a robot vacuum you might want to look into Valetudo. Or just not connect it to the internet.
That really sucks.
The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing.
Suprise, if it has cameras, microphones, gps, data mapping capabilities and speaks to a server outside of your home it is by definition is a surveillance tool.
All of this has always been predicated on the idea that the surveillance will never be used against you somehow. I don’t know why anyone ever bought into that.
Which is why we need to de-normalize this thought process. People should always ask, why does my vacuum need to go online? Or at the very least, can I turn that “feature” off?
because vacuum makers lock away advanced capabilities on the app making a home network the only way you can access them.
of course, when you’re shopping, it’ll use those advanced features as advertisements; but there’s no way to know that ahead of time unless you’re buying the most expensive models available.
if it has cameras, microphones, gps, data mapping capabilities and speaks to a server outside of your home
It has also happened with baby monitors. Well, almost endless other IoT devices too. But baby monitors are a particular issue. They have speakers in them too. Attackers were exploiting it and playing very disturbing sounds to cause extreme distress to babies.
Remember, the S in IoT stands for security.
I guess the most plausible explanation is incompetence, there wouldn’t be a reason to do this on purpose (a backdoor), right? Since the company could have easily used different credentials per device that they store anyway?
I would rather say ignorance. They just shit on IT-security for the sake of fast product launches.
A slightly similar event happened to Pudu service robots last year August. An auth token that could be used for all their robots.
Gosh, their drones are getting banned in the US. This just seems to help their case.
