The summary is that a tech-savvy guy noticed that his $300 smart vacuum was sending a lot of internet traffic over his WiFi network. He decided to block the data-logging; a few days later his device stopped working.
He several times sent it off for repair, received it in working condition, then had it fail again. Eventually, it was out of warranty and service was denied. This led him to undertake a serious reverse-engineering project, seeking to understand exactly what was going on. He eventually learned that:
The device was sending its Chinese manufacturer detailed data, including a map of his house
It stopped working in response to specific disable messages sent by the manufacturer
The general lesson here: Assume the worst about any “smart” device you own.
I have been looking for a decibel meter app for my smart phone. Reviews show that they do work but the free ones had an ad or two you have to watch each time you use it. I downloaded one that was supposed to be fairly benign. It would not operate until I allowed it to use my location and send “status” reports. So not only would it have sent my location and such, but I’m sure it would have been listening to me. Or my 5 horsepower leaf vacuum.
I chucked it and bought a real decibel meter online for $20.
Umm. What does some operator all the way over in China care what the floor plan of a non-descript house in the US is? And what can they do with the info?
I think I’ll wait on official reports other than some guy with a busted vacuum.
If this guy’s analysis is not to be trusted, then it is a hugely elaborate hoax. He has a github with all of his results and code. (Yes, anyone can make a github with anything in it, but again, the choices are extremely elaborate hoax or real.) As someone with lots of Linux experience, and who previously owned 4 different robot vacuums (all deceased), it does pass the smell test.
I really don’t have any idea why the manufacturer would want all of the information, as the vacuum can’t display ads or anything. Maybe they sell them with a special discount for embassies and federal offices? I think in many cases the data collection is done because they can, not because there is any real purpose.
Other purposes are sci-fi sounding, but also may be real. These are the kind of theories pushed by the US government in regards to the Huawei ban, and the just in the news today pending TP-Link ban. All of these devices give China insider access to networks all over the world. That access can be used for spying or disruption.
That some guy has an engineering degree and a significant amount of experience. You’re uneducated in anything technical and have zero experience in the field.
As an engineer, I can attest that engineers almost always view operational data as useful. An obvious reason that the maps might be uploaded is so that the company can evaluate how the vacuum navigates in differently shaped rooms, and tweak the algorithm to improve its performance. Of course, ethically, the desire for such data, and the details of exactly what is uploaded, has to be weighed against privacy issues.
However, sending a kill message to the vacuum is just evil.
This is not the way to get the public to trust having android butlers in our homes.
Have they made a horror movie yet about how a fascist billionaire’s army of android butlers will suddenly take over the country? (Other than the Futurama episode “Mother’s Day”).
