Chinese company using audio and photos from a robot vacuum cleaner to train their AI. Because hey, clicking “I agree” to using data for product improvement is a carte blanche to do anything, right?
There is an associated video:
https://media.defcon.org/DEF CON 32/DEF CON 32 villages/DEF CON 32 - Embedded Village - Reverse engineering and hacking Ecovacs robots - Dennis Giese & Braelynn Hacker.mp4
In the second link, when I first saw the shelf holding the robots vertically, at first I thought they were reel-to-reel tapes on an old tape rack!
Story is going on. Hackers take control of robot vacuums in multiple cities, yell racial slurs - ABC News
Via
MalwareBytes.com
Robot vacuum cleaners hacked to spy on, insult owners
Posted: October 14, 2024 by Pieter Arntz
Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers.
What’s next? Over 2 million shower-heads sold in Washington D.C. accidentally shipped with camera/microphone have been hacked and images and audio sold on White Net.
Can IoT get any worse! Ask the ChatBot - my favourite this week is this story
AI girlfriend site breached, user fantasies stolen
A hacker has stolen a massive database of users’ interactions with their sexual partner chatbots, and some of the data is horrifying.
Be sure your anti-stalkers are turned on since the link starts with “clicks.malwarebytes.com...”
I wonder. What if AI says it wasn’t consensual?
~s
we need more appliances that support open OSes:
That really sucks.
I had a feeling I’d hear something like that from you. Thanks, I needed a good laugh.
Don’t worry, 5G is supposed to fix this bug by allowing internet connections despite your preferences.
Never mind the Amazon Sidewalk project using Amazon devices to share wifi with other devices that need internet to serve their corporate masters
Fortunately a robot vac is only likely to be used at home (which for me avoids some of those problems). But, yes, things could always get worse in the future.
To my mind, the future problem will be when devices flat out refuse to operate unless you give them internet access - and that applies to household appliances, cars and who knows what else.
It is a safe guess, nobody will be using a robot vac to clean up chad in a SCIF.
Security cameras are some of the worst offenders. Unless you use an airgapped wired system, there are NO commercial solutions with cryptographically verifiable E2EE; manufacturers can access all video & audio. Furthermore, choices are limited to Chinese white-label (primarily Dahua & Hikvision), or American spyware.
The closest I’ve seen is DIY hardware with the seemingly unmaintained MotionEyeOS, or DIY software with the (out of stock potentially indefinitely) PineCube.
A safe and private robo-vac and IP security camera would be great products. A (less-smart/non-internet) TV too. I’m a bit worried that pretty soon we’ll be looking for safe and secure refrigerators, ovens, blenders etc. [at least for now there are dumb alternatives for those… for now]
Btw: Appliance makers sad that 50% of customers won’t connect smart appliances - Ars Technica (quote: built with an “acquire, upload, whatever” mindset)
Did users change their Wi-Fi password
Based on my reading of “other people’s problems” … this is a frequently occurring problem.
- User has a WiFi router with ISP X. Router comes with default unpredictable values for SSID and passphrase.
- User configures all the WiFi clients as they are purchased. Everything working. Yay!
- User changes to a different ISP, Y. Gets new preconfigured router, hence different SSID and passphrase.
- All WiFi clients stop working.
- Only the smartphones get moved over to the new WiFi.
- Sometimes that’s because the user can’t find the username and password needed to get into the other appliances in order to reconfigure WiFi / never had the needed username and password (because the installer did the initial configuration) / doesn’t know how to do it.
(Needless to say that if you want continuity of access to the internet by appliances then the sensible approach is to reconfigure the new WiFi router manually, overriding ISP Y’s default configuration, copying the SSID and passphrase from the old router to the new router - even though that isn’t great security.)
However as a general rule the manufacturer should be able to tell the difference between this scenario and the scenario that the user just decided never to give the smart appliance access to the internet - because in the former scenario the manufacturer will at least see connections from the appliance for the first N days, weeks, months or years i.e. until the user changes ISP.
Yes, saw that yesterday. You have got to be kidding me. I assume though that in a “degraded” no-internet / no-app mode, the air fryer is still basically usable as an actual air fryer.
One would hope. But I can easily imagine a not-so-distant future in which they are, or retroactively become, “tango uniform.”
I recently learned about a cup/mug heater that requires an app to use it:
The Ember Mug has sensors that send its data to the app, so you can configure the drinking temperature to your preference, or create presets for measuring caffeine intake. It has more integrated support for the Apple ecosystem, allowing you to locate the Ember Travel Mug 2+ using Apple’s Find My network.
And airfryers: https://www.theregister.com/2024/11/05/air_fryer_spyin (among others) [Why???]