Yes, I saw that story about the robot vacuum cleaner. The device combines the twin evils of surveillance capitalism and poor security. What’s not to like.
If I had such a device (I don’t), no way would I give it access to the internet.
Here would be an idea for (that now forgotten) privacy respecting open software robot/droid… that vacuums - and maybe doesn’t have wireless online features at all. Market seems to be missing such.
I was looking at one of the pics of the bigger bots - a black cylindrical menace. Just add a plunger or a taser, and either a SuperAI will take over the world or there will be “based on true events” evilHacker b-movie: They foolishly combined two evils… and created a third!
Chinese company using audio and photos from a robot vacuum cleaner to train their AI. Because hey clicking “I agree” to using data for product improvement is a carte blanche to do anything, right?
https://media.defcon.org/DEF CON 32/DEF CON 32 villages/DEF CON 32 - Embedded Village - Reverse engineering and hacking Ecovacs robots - Dennis Giese & Braelynn Hacker.mp4
Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers.
What’s next? Over 2 million shower-heads sold in Washington D.C. accidentally shipped with camera/microphone have been hacked and images and audio sold on White Net.
Can IoT get any worse! Ask the ChatBot - my favourite this week is this story
Fortunately a robot vac is only likely to be used at home (which for me avoids some of those problems). But, yes, things could always get worse in the future.
To my mind, the future problem will be when devices flat out refuse to operate unless you give them internet access - and that applies to household appliances, cars and who knows what else.
Security cameras are some of the worst offenders. Unless you use an airgapped wired system, there are NO commercial solutions with cryptographically verifiable E2EE; manufacturers can access all video & audio. Furthermore, choices are limited to Chinese white-label (primarily Dahua & Hikvision), or American spyware.
The closest I’ve seen is DIY hardware with the seemingly unmaintained MotionEyeOS, or DIY software with the (out of stock potentially indefinitely) PineCube.
A safe and private robo-vac and ip-security camera would be great products. A (less-smart/non-internet) TV too. I’m a bit worried that pretty soon we’ll be looking for safe and secure refrigerators, ovens, blenders etc. [at least for now there are dumb alternatives for those… for now]
Based on my reading of “other people’s problems” … this is a frequently occurring problem.
User has a WiFi router with ISP X. Router comes with default unpredictable values for SSID and passphrase.
User configures all the WiFi clients as they are purchased. Everything working. Yay!
User changes to a different ISP, Y. Gets new preconfigured router, hence different SSID and passphrase.
All WiFi clients stop working.
Only the smartphones get moved over to the new WiFi.
Sometimes that’s because the user can’t find the username and password needed to get into the other appliances in order to reconfigure WiFi / never had the needed username and password (because the installer did the initial configuration) / doesn’t know how to do it.
(Needless to say that if you want continuity of access to the internet by appliances then the sensible approach is to reconfigure the new WiFi router manually, overriding ISP Y’s default configuration, copying the SSID and passphrase from the old router to the new router - even though that isn’t great security.)
However as a general rule the manufacturer should be able to tell the difference between this scenario and the scenario that the user just decided never to give the smart appliance access to the internet - because in the former scenario the manufacturer will at least see connections from the appliance for the first N days, weeks, months or years i.e. until the user changes ISP.