Manufacturer Bricks Smart Vacuum After Engineer Blocks It From Collecting Data (tomshardware.com)
- Reference: 0179979064
- News link: https://hardware.slashdot.org/story/25/11/06/0223216/manufacturer-bricks-smart-vacuum-after-engineer-blocks-it-from-collecting-data
- Source link: https://www.tomshardware.com/tech-industry/big-tech/manufacturer-issues-remote-kill-command-to-nuke-smart-vacuum-after-engineer-blocks-it-from-collecting-data-user-revives-it-with-custom-hardware-and-python-scripts-to-run-offline
> An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That's when he noticed it was constantly sending logs and telemetry data to the manufacturer -- something he hadn't consented to. The user, [2]Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
>
> He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again. After several rounds of back-and-forth, the service center probably got tired and just stopped accepting it, saying it was out of warranty. Because of this, he decided to disassemble the thing to determine what killed it and to see if he could get it working again. [...] So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn't communicate with the manufacturer's servers. Since he blocked the appliance's data collection capabilities, its maker decided to just kill it altogether.
>
> "Someone -- or something -- had remotely issued a kill command," says Harishankar. "Whether it was intentional punishment or automated enforcement of 'compliance,' the result was the same: a consumer device had turned on its owner." In the end, the owner was able to run his vacuum fully locally without manufacturer control after all the tweaks he made. This helped him retake control of his data and make use of his $300 software-bricked smart device on his own terms. As for the rest of us who don't have the technical knowledge and time to follow his accomplishments, his advice is to "Never use your primary WiFi network for IoT devices" and to "Treat them as strangers in your home."
[1] https://www.tomshardware.com/tech-industry/big-tech/manufacturer-issues-remote-kill-command-to-nuke-smart-vacuum-after-engineer-blocks-it-from-collecting-data-user-revives-it-with-custom-hardware-and-python-scripts-to-run-offline
[2] https://codetiger.github.io/blog/the-day-my-smart-vacuum-turned-against-me/
Duplicate Story (Score:1)
no text
Wow... (Score:2)
Wow...that really sucks...both the vacuum and what the manufacturer did with the remote kill command.
Definitely a new "law" in Asimov's Three Laws of Robotics.
JoshK.
Re: (Score:2)
[1]Nothing sucks like a vax [thefreedictionary.com]
[1] https://encyclopedia2.thefreedictionary.com/Nothing+sucks+like+a+vax
Smart Vacuum... (Score:1)
But dumb "editors".
Or deliberate editors... (Score:3)
They don't care for reasons they choose not to acknowledge.
Their revenue appears unconnected to Slashdot importance, or is sufficient without the effort to restore quality. I find this interesting.
That's why they choose not to respond to (not the same as "ignore") valid criticism. The enshittification of Slashdot is deliberate. It's easy money for minimal effort.
Slashdot owners could easily replace editors with AI and arguably should since the threshold for acceptable "quality" has been so low for so long no
Re: (Score:2)
Apparently, somebody remotely bricked the editors a long time ago.
Story (Score:3)
Among the stories of strange things I have seen.. My wife had gotten into playing 'My singing monsters' which was downloadable for free with micro purchases or whatever. Not my kind of game, but she enjoyed it. I don't know how the game progresses, but she had built up her content for over a month on the free plan. One day the game just stopped working for her, showing some cryptic error. She started poking around in binary files despite me telling her it probably wouldn't be that easy, and she found a file that contained the words "customer refuses to pay for the game". Seems like it was some log that was placed in the game after it had presumably been disabled. Long story short, nothing attached to the internet is truly yours.
Pay attention Beau! DUPE. (Score:3)
It was just a couple of stinkin days ago.
"Bricks" (Score:3)
You keep using that word. I do not think it means what you think it means.
Smart vacuum? (Score:2)
Come on people. What the fuck are you doing here?
Dupe Story (https://yro.slashdot.org/story/25/11/0 (Score:2)
Well, since this is a dupe story from just a couple of days ago:
[1]https://yro.slashdot.org/story... [slashdot.org]
I may as well dupe the posts that declare this story is a dupe.
The dupe is dope, yo whaddup dawg?
[1] https://yro.slashdot.org/story/25/11/02/2241201/manufacturer-remotely-bricks-smart-vacuum-after-its-owner-blocked-it-from-collecting-data
Re: (Score:2)
In that case, I've got to tell you your duplicate post commenting about duplicate posts and duplicate replies is a duplicate.
It's duplicates all the way down.
Re: (Score:2)
Yo dawg, I heard you like dupes, so I duped your dupe, and put it in the dupe.
Impressive! (Score:5, Funny)
When [1]they did this on Monday [slashdot.org] I was annoyed. However, the fact that they managed to remotely brick it again when it wasn't even online is just impressive!
I'm not one for DRM bullshit but I have to give them credit where credit's due. ;)
[1] https://yro.slashdot.org/story/25/11/02/2241201/manufacturer-remotely-bricks-smart-vacuum-after-its-owner-blocked-it-from-collecting-data
Re:Impressive! (Score:4, Funny)
> When [1]they did this on Monday [slashdot.org] I was annoyed. However, the fact that they managed to remotely brick it again when it wasn't even online is just impressive!
> I'm not one for DRM bullshit but I have to give them credit where credit's due. ;)
Meh, I won’t be impressed until I read about the third bricking this weekend.
[1] https://yro.slashdot.org/story/25/11/02/2241201/manufacturer-remotely-bricks-smart-vacuum-after-its-owner-blocked-it-from-collecting-data
Re: (Score:1)
Am I the only one that thought the original story was so cool and interesting that when I saw a dupe, a feeling of "cool another take" precipitated and was only let down to find the chorus of peanut gallery 'we already did this' badgering instead of more new takes. Maybe it's like what 4chan or whoever said about laughter, it's only really funny the first time, after that it's not lol, it's the lulz?
Re: (Score:2)
I think it's fine, but when posting a new take, the Slashdot tradition is that you link to the old take so people don't have to go over that again. In that sense, Gravis Zero is doing Slashdot a great service.
I found a GitHub repo that Harishankar has contributed to but others here say that's not related. I wonder if
a) anyone can find some better info on what he's been doing?
b) anyone knows which of the various open source robot cleaner projects online are any good? Is buying a cheap one and taking it over
Re: (Score:2)
My TVs and my cameras, my wall switches, my light bulbs, my pool equipment, nothing is connected to the cloud. As the article suggests, create an IoT VLAN in your house if you can, and put everything there. I use HomeKit because Apple mandates that these devices can be controlled by a local hub offline, no MITM with a cloud server that will go under. Occasionally I let them talk to the internet for firmware updates, but even then, it's only if I happen to come across a feature release. I don't update firmwar
Re: (Score:2)
I am very proactive with segregating IoT stuff (even subdivided into 4 different VLANs), but often there is no choice and no way to know until after purchase. I bought a cold plunge (Michael Phelps Chilly GOAT) that didn't have "smart" as a sales feature, but it turns out the heat pump can only have the temperature changed by unscrewing six screws on the side panel, or using the godawful TUYA app. This version of TUYA is cloud only.
I had a plan when buying though-- I could hook up to the modbus port on the
Re: (Score:2)
It's just a duplicate from a couple of days ago.
Nothing new. Nothing novel. Just a dupe from a couple of days ago.
Re: (Score:2)
> When [1]they did this on Monday [slashdot.org] I was annoyed. However, the fact that they managed to remotely brick it again when it wasn't even online is just impressive!
It's the Christmas season. Everybody loves a two-for-one deal.
[1] https://yro.slashdot.org/story/25/11/02/2241201/manufacturer-remotely-bricks-smart-vacuum-after-its-owner-blocked-it-from-collecting-data