> he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries.
This is extremely similar to what I accidentally discovered and disclosed about Mysa smart thermostats last year: the same credentials could be used to access, inspect, and control all of them, anywhere in the world.
The old joke: people who are into tech have an Alexa, a smart thermostat, a fridge connected to the internet.
People who work in tech keep an axe next to the toaster.
No way I'm putting an axe near an appliance like that. I need to sleep at night.
Do you want a slice of toast?....
I don't want any smegging toast!
Smeg actually makes a toaster. It's expensive, looks cute, and doesn't work that well when compared to a far cheaper toaster oven.
This applies to most Smeg products. Which is a shame, they used to be really good and long-lasting.
I can't speak to their quality, but every time I see their name, I wonder about how they're received in England: Americans might generally be unaware, but "smeg" as a name doesn't land well there, as I understand it.
A UK comedy called Red Dwarf used variations of smeg as a mild expletive quite liberally. When asked, some of the producers claimed they made it up to get around broadcast rules, but most people think it's a shortening of smegma.
Aaaah, so you're a waffle man.
No. I don't want no waffles. No toast. No crumpets. No scones. No smegging heated bread products of any kind.
So, do you want a slice of toast?
I'm sorry Dave, I can't toast that.
The ideal spy army. Nobody expects the Spanish Inquisition, I mean, being able to spy into households via cheap house-cleaning devices.
Some of us do. I specifically picked a device that (supposedly) lacked cameras and microphones. LIDAR seemed okay.
I picked something that can be rooted and made cloud-free with Valetudo for the same reason
Why can't I pay to express my consumer preferences? Why must I deliberately buy broken stuff and fix it myself?
There's enough broken stuff to fix at work.
> Why can't I pay to express my consumer preferences? Why must I deliberately buy broken stuff and fix it myself?
I guess it comes down to "market failure."
Many people would probably say that they care about security/privacy/maintainability of their electronic devices, but in practice they buy based on cost and features, and they remain oblivious to security/privacy/maintainability unless and until there's a major problem.
This is probably rational behavior for most consumers:
There's no real way for them to evaluate claims about security/privacy/maintainability of their devices. Basically every Internet-connected device advertises an enormous list of security-flavored bullet points. "Supports IEEE 802.11g/n/ac/ax, including Wi-Fi Easy Connect for secure passwordless connections", "Secure Boot to ensure only authorized firmware runs on the device", "Hardware cryptographic acceleration", "24/7 monitoring by our dedicated security incident team", yadda yadda.
But those claims don't in any way cover the massive attack surface of a cloud-connected device where the server and client sides have been co-developed with a bunch of rushed and dangerous assumptions about how neither the client nor the server will ever talk to any misconfigured or adversarial peer. Finding those kinds of security vulnerabilities is basically my stock in trade.
<elmo_on_fire.gif>
>Why can't I pay to express my consumer preferences?
Cool, I'll start a HW-FOSS robo-vac company in California tailored to your consumer preferences, that will be profitable without selling your data. Buy one for only $4,999. Orders start now.
...fast forward 12 months ...
Damn, why did we already go out of business, I thought according to consumer preferences, people would pay 10x markup for privacy compared to spyware Chinese models?
You'd deserve to go out of business for charging customers $4,999.
You could make a healthy profit selling a robot vacuum for under $200 although you'd probably want models that cost a bit more for customers who wanted something more fancy (https://cookierobotics.com/060/)
"Nobody expects the Spanish Inquisition…"
Why not? They bought roving cameras that surveil their homes and connected them to internet servers they neither own nor control.
They obviously don't give a shit about privacy or they've room-temperature IQs.
Ordinary users don't know. They bought a robo-vac, they do not necessarily know it comes with a microphone or camera.
I work in tech, I never thought about buying one, so I never looked into them. Still, I am surprised they come with microphones.
IoT, internet privacy, spyware, etc. have been repeatedly in the news ad nauseam since about 2000. If they don't know by now where have they been for the past quarter century?
The first and most obvious question an owner should ask is "why does a vacuum cleaner need to talk with the internet?" It's hard to have sympathy for people who go out of their way to act dumb.
This is a failure of regulation, not personal responsibility. Consumers should not have to threat-model their vacuum cleaner. That should be on the manufacturer, and when they fail like this they should be punished severely.
You are correct that a sane government would protect their customers from being secretly surveilled by companies who will do whatever they want with their customer's most private data including selling it to others. Americans should also know that we don't have a government that protects consumers from products that harm them even when that harm is well known. It's unfortunate, but until that changes people do have to threat-model their internet connected devices, just like they have to threat-model their food, their children's toys, their cosmetics, their health supplements, their cookware, their clothing, and just about everything else we buy.
Fair point.
> Still, I am surprised they come with microphones.
Me too, what are they for?
Well, spying, probably.
But let's suppose you are designing the RoboVac 1.0 OS. 1.0 OS does not use the microphone, but one of our smart fellows wrote a document suggesting that we might want to have RoboVac be voice controlled! Maybe we can roll that out by 1.4, with some simple commands!! Let's put a microphone in so we can add that feature later.
Later on you get fired, and the smart fellow who wrote the document gets fired, and OS 1.4 rolls out with spy tech to mark common product names and send them back to Amazon with your location data.
RoboVac 2.2 is out now, still no voice control, and you wonder why whenever you go to buy all your favorite products online there is 10% inflation on prices although news suggests inflation should actually be decreasing for the next half year.
The "smart" thermostat stuff is scary. I have Haier minisplits in my house and they have some "smarts" built into each head unit. The way it works from the user's perspective is you connect to the device in the GE Home app via Bluetooth, enter your WiFi network's credentials, then the minisplit joins your wifi network and phones home to GE Cloud. Then your GE Home app can monitor and control your minisplit via GE Cloud.
I haven't done anything to analyze it further, instead after trying that out once I promptly changed my WiFi password and never looked back. The long term solution will involve some ESP32s, AHT20 temp/humidity sensors, and IR rx/tx.
But it just occurred to me reading this that if there's a similar vulnerability in HVAC system controls an attacker could cause one hell of an unanticipated power demand spike.
My problem with smart thermostats is the user interface couldn't be more awful. It's just nuts. You cannot do anything without the squinty manual in one hand and the squinty touchscreen in the other. So, you finally get it programmed. Then you want to change something, and boom, start all over.
I gave up.
I use a simple dial-the-temperature, turn-on/off thermostat. I turn it off when going to bed, turn it on in the morning. Very happy.
I had a similar problem with the water sprinkler. The user manual was something like 50 pages. Utter madness. Now I just water the lawn manually, when I get around to it.
> But it just occurred to me reading this that if there's a similar vulnerability in HVAC system controls an attacker could cause one hell of an unanticipated power demand spike.
Absolutely. This was one of the things I realized could be a substantial risk when I discovered the Mysa vulnerability. https://snowpatch.org/posts/i-can-completely-control-your-sm...
Thankfully, Mysa responded very rapidly to fix it, but if they hadn't I was planning to notify the BC provincial electric utilities which were cross-subsidizing these devices.
This is an awesome writeup, thanks for sharing. And good on Mysa for responding so favorably to your research.
This is honestly why it's important to insist on Z-wave or Zigbee if you don't have control over the device firmware and must have smart controls. Why people don't seem to understand now that if it's "WiFi" it's suspect at best, I'll never understand.
This, pretty much.
The ideal setup is having a separate vlan for your IoT things, that has no internet access. You then bridge specific hubs into it, so the hubs can control them and update their firmware.
If you have IoT devices that are unsafe but cannot be updated any other way, you can temporarily bridge the IoT VLAN to WAN.
Honestly, what IoT stuff needs is something similar to LVFS. Make it so all the hubs can grab updates from there, and can update any IoT device that supports Matter. It would also serve as a crapware filter because only brands that care about their products would upload the firmwares.
Many WiFi-based "smart" devices can run locally without Internet access just fine and are supported by HA or other such platforms, which then doesn't require you to use the vendor's app, which might require you to be on the same broadcast domain as the device. They can use multicast (few home users will have multicast routing between VLANs), or direct broadcast - meaning you will likely give them Internet access because your phone needs it - well unless your WiFi is smart enough to limit individual clients. So a restricted VLAN plus HA or some such solves this.
The real problem is those devices that actually don't let you control the device locally - Tuya being one notable example. There are thousands of products that just went and dropped in a Tuya board.
Tuya is completely cloud-controlled. To control these locally you need a "local key" that is buried deep in their developer platform, and changes every time you re-pair the device, and getting it without registering the device is, on purpose, near-impossible without tricks like using an Android emulator with an old version of their app that stores the key, and even then requires effort to exfil the file out of Android. Horror. A device you physically own only responds to control from the mothership.
So yes, you don't get those kinds of issues with RF protocols, of course unless you put the vendor's "bridge" on your network...
A friend of mine found Zigbee unreliable where he was, and just wired the home for 1-Wire. Temperature sensors, relays, heating PIDs etc. Not only will it just not die, but good luck to anyone hacking it without extra equipment and ripping wires from walls, and firstly being inside, unsupervised and undetected.
Mine is Z-Wave, the next model up required an internet connection and a subscription if you wanted to access it from remote.
The HVAC guy probably thought that I was nuts for wanting the one that I got, since the price was similar. Six years later and I'm still controlling it from Z-Wave.
I replaced all my thermostats for both of my homes with Sinopé products. Here's the hardware, software, and setup:
None of the existing smart controls stuff I've found really does it for me. I'm trying to build a hybrid heating system with 4 hydronic zones and 8 minisplits. For my HVAC controls the design is converging to a round mechanical Honeywell thermostat for each hydronic zone with a "smart" thermostat (no cloud) wired in parallel--TBD whether buy vs build. For the minisplits I'm building my own thing that can speak their IR protocol, which will also double as a per-room temperature sensor. It all gets tied together with outdoor temp sensor via HomeAssistant. So if all the "smart" stuff fails, the trusty mechanical guy will keep the house from freezing.
There are halfway decent hybrid controls available for ducted systems but you can't afaik buy anything off the shelf to merge hydronic + minisplits. And as far as I can tell, none of the off-the-shelf smart thermostats has any built in analog backup. I view that as absolutely critical for my use, if the power goes out and I'm not around I need to be 100% certain that when the power comes back on the heat will also.
EDIT: Digging around a little more it seems that Mitsubishi H2i minisplit systems don't speak zwave or zigbee, neither does Haier Arctic. I'm not 100% sure if that's accurate, but I haven't been able to find any documentation in the affirmative or negative. Those are the two heat pump options available locally. I'll be remodeling a small barn into an ADU this summer, that project will be more amenable to a forced air hybrid system, so maybe I'll be able to get away with a Honeywell smart zigbee capable thermostat that can drive it.
An analog fallback is a good idea, to be sure your house doesn't freeze when you're away.
> EDIT: Digging around a little more it seems that Mitsubishi H2i minisplit systems don't speak zwave or zigbee, neither does Haier Arctic
There are no mini-splits in the US that speak anything remotely standard. If you want to go with ducted systems, TRANE and others have smart AC units that use "communicating thermostats". The protocol is based on Envirocom system and it's pretty basic.
Good news is that you can still control them by shorting the wires with a traditional thermostat, so you still can have an analog backup in case the regular digital thermostat fails.
The Honeywell thing I bought on Amazon turned out to not be analog after all. It's got an Atmel ATmega something or other in it. It obviously can't connect to the internet through its 24VAC 3-wire interface but it's running software I can't inspect and therefore assume to be completely riddled with bugs. It's going back to be replaced with a White-Rodgers Emerson unit.
Yet, it's common. They typically are drop-in replacements for classic mercury switch thermostats. Mercury is not available anymore (for a good reason), and gallium alloys wet almost everything.
Bare bi-metallic strips don't work as well because contacts tend to get oxidized and/or stuck. They are also a pain to calibrate.
A small microcontroller with a relay tends to be more reliable.
I have an old zen thermostat with home assistant support but no WiFi. They don't make them anymore sadly but it was the perfect balance.
UniFi has ppsk setup where you can put an EU on a separate vlan with a separate password. Seems ideal for this
Edit: misread.
Why does a robot vacuum have a microphone? Voice control?
Voice control is the claim. In my experience the voice control is entirely unusable, and can’t be fully turned off.
One thing people don't realize with regard to smart thermometers is that they're a goldmine to people who break into houses.
51 straight weeks of 70 degree temperature followed by a week > 70 might imply they're on vacation. People turning down the heat/AC and turning it back on when they come home from work is also a pattern pretty apparent from that info.
Couldn't they get that information by pointing a thermal camera at the house? Most windows and doors would leak enough to show this information.
Or they could watch the air conditioner fans to know if it's on.
Not having to go the house for that specific info and being able to create a shortlist of houses beforehand would be preferable I would think.
You would need an army of thieves going around and physically pointing thermometers and the ROI isn't there.
VS. just checking your computer once and going to the correct place. Heck, set up alerts and get notified where to break in next.
The odds of a house with a smart thermostat also containing cameras is pretty high, though.
This is probably true, though I think the most important part of planning a break in is just ensuring people aren't there.
Sure, there are cameras and the cops can respond and that's certainly a deterrent, but a few masks and a quick getaway renders them moot.
Instead of going around pointing thermal cameras they simply have a dashboard, by neighborhoods, property taxes, maybe even incomes and all that.
> A 51 straight weeks of 70 degree temperate followed by a week > 70 might imply they're on vacation. People who turn down the heat/ac and turn it back on when they come home from work is also a pattern pretty apparent by that info.
Yes, exactly. I made this point in my write-up: if you can see a home's thermostats, you can probably figure out when people are away. https://snowpatch.org/posts/i-can-completely-control-your-sm...
Is this cutting corners on manufacturing/assembly where they're skipping installing a unique set of keys on each device?
The vulnerability was in their backend cloud structure. The backend wasn't restricting access to only devices associated with your account.
> Out of sheer laziness, I connected to the Mysa MQTT server and subscribed to the match-everything wildcard topic, #. I was hoping I’d see messages from a few more MQTT topics, giving me more information about my Mysa devices.
> Instead, I started receiving a torrent of messages from every single Internet-connected production Mysa device in the whole world.
The devices had unique IDs, but they were all connected to one big MQTT pub/sub system that didn't even try to isolate anything.
It's lazy backend development. This happens often in IoT products where they hire some consultant or agency to develop a proof of concept, the agency makes a prototype without any security considerations, and then they call it done because it looks like it works. To an uninformed tester who only looks at the app it appears secure because they had to type in their password.
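The wildcard subscription described in the quoted write-up is exactly what a broker-side ACL should refuse. Below is an added example (not from the thread and not Mysa's code) of an MQTT topic-filter authorizer plus a tiny in-memory pub/sub, contrasting a permissive policy with one that confines each authenticated device to its own prefix. The topic layout devices/<id>/... and the device ids are constructed for illustration.

```python
"""
Added example: MQTT 3.1.1 filter matching, a 'filter subsumption' check that a
broker ACL should run on every SUBSCRIBE, and a toy broker showing what a
client authenticated as one device receives under a permissive ACL ('#')
versus a per-device ACL. Topic names and device ids are constructed.
"""
from collections import defaultdict


def topic_matches(filt: str, topic: str) -> bool:
    """'+' matches exactly one level; '#' (last level only) matches the
    remaining levels, including none (so 'a/#' also matches 'a')."""
    f, t = filt.split("/"), topic.split("/")
    for i, lvl in enumerate(f):
        if lvl == "#":
            return True
        if i >= len(t) or (lvl != "+" and lvl != t[i]):
            return False
    return len(f) == len(t)


def filter_subsumed(sub: str, allowed: str) -> bool:
    """True iff every topic the subscription filter `sub` can match is also
    matched by the ACL filter `allowed`. Rejects '#', 'devices/#' and
    'devices/+/state' for a client only allowed under its own prefix."""
    s, a = sub.split("/"), allowed.split("/")
    for i, lvl in enumerate(a):
        if lvl == "#":
            return True               # the rest of this subtree is allowed
        if i >= len(s) or s[i] == "#":
            return False              # sub matches a parent topic, or is wider
        if lvl == "+":
            continue                  # any single level is acceptable here
        if s[i] != lvl:
            return False              # literal mismatch, or '+' where ACL is literal
    return len(s) == len(a)


class Broker:
    """In-memory stand-in for a broker. `acl` maps a device id to the filters
    it may subscribe under; a missing entry behaves like the permissive '#'."""

    def __init__(self, acl):
        self.acl = acl
        self.subs = defaultdict(list)     # device id -> accepted filters
        self.inbox = defaultdict(list)    # device id -> [(topic, payload)]
        self.denied = []

    def subscribe(self, device_id: str, filt: str) -> bool:
        allowed = self.acl.get(device_id, ["#"])
        if not any(filter_subsumed(filt, a) for a in allowed):
            self.denied.append((device_id, filt))
            return False
        self.subs[device_id].append(filt)
        return True

    def publish(self, topic: str, payload: str) -> None:
        for dev, filters in self.subs.items():
            if any(topic_matches(f, topic) for f in filters):
                self.inbox[dev].append((topic, payload))


def per_device_acl(device_ids):
    """The corrected policy: a device may only subscribe under devices/<id>/."""
    return {d: [f"devices/{d}/#"] for d in device_ids}


def simulate(acl) -> dict:
    """Three devices publish state; dev-0001 tries the wildcard subscription
    from the write-up and its legitimate one. Reports what dev-0001 received."""
    ids = ["dev-0001", "dev-0002", "dev-0003"]
    b = Broker(acl)
    b.subscribe("dev-0001", "#")                     # the lazy wildcard
    b.subscribe("dev-0001", "devices/dev-0001/#")    # the legitimate filter
    for d in ids:                                    # constructed telemetry
        b.publish(f"devices/{d}/state", '{"temp_c": 21, "mode": "heat"}')
    got = b.inbox["dev-0001"]
    foreign = [t for t, _ in got if not t.startswith("devices/dev-0001/")]
    return {"received": len(got), "foreign": len(foreign), "denied": list(b.denied)}


if __name__ == "__main__":
    print("permissive:", simulate({}))
    print("per-device:", simulate(per_device_acl(["dev-0001", "dev-0002", "dev-0003"])))
```

Under the permissive policy dev-0001 receives all three state messages, two of them from other people's devices; under the per-device policy the '#' subscription is refused and only its own message arrives.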
> The vulnerability was in their backend cloud structure.
The vulnerability is in having a backend cloud structure.
(There are plenty of ways to provide remote access without that, and no other feature warrants it.)
Not sure why this is being downvoted, it's a pervasive flaw across all these IoT products. See my description elsewhere here about how Haier "smart" controls work. It's completely insane, and pointless. For systems that can't fail--I include heating systems in the winter--this kind of "move fast and break shit" way of doing it is malpractice. The last thing in the entire world I want my furnace controls doing is an automatic OTA firmware update. Ever.
Exactly. I want a "smart thermostat" that's entirely under my control, not the manufacturer's.
And the manufacturer wants something that's under their control, not yours.
But then you would have to configure something on your router and have dynamic dns for remote access and that’s too hard.
I'm hoping that things like Matter and Thread will help with this, but in the meantime, I have no problem with "optional remote-access service that you don't have to use and have to explicitly enable, or you can use it entirely locally".
Sell an additional $200 box containing a Raspberry Pi with Home Assistant on it and a cheap capacitive touchscreen and pre-configure it with Tailscale. Would be reasonably consumer-friendly. Give it a fancy name and start slapping "{$HOME_ASSISTANT} Compatible" branding logos on partners' boxes.
If it's not quite as consumer-friendly as you want it to be, contribute your engineering hours to the Home Assistant product until it is.
Bonus points for giving it 25-250W audio output to power speakers and letting you pair them together to play music in sync across different rooms of your house connected to speakers of your choice.
Market size: approximately zero.
The number of people who 1) really want local-only control and 2) can deal with Home Assistant and Tailscale but 3) don't actually have the skill set to put together a Raspberry Pi or other small Linux box and set up HA and TS themselves is tiny.
The cloud systems are insecure and invasive, but it's really hard to get Normal People to understand why it's a problem. "So someone can tell if I'm not home; so what? I live in a gated community, they can't just drive in at night and burgle the house." They're not entirely wrong about that; it is unlikely. The hard push for subscription services by these companies has turned out to be the best way to push people into locally hosted alternatives, because they don't want to pay for another service, but the usual approach is just to do without the service when they realize that the "smart" functions are not that useful. Most people don't have the free time, knowledge, or inclination to set up and maintain Home Assistant. They can appreciate it when they see it done well, but they aren't going to pay for a professional installation and maintenance and they aren't able to do it themselves.
> The cloud systems are insecure and invasive, but it's really hard to get Normal People to understand why it's a problem.
In the case of HVAC systems the danger is a collective one not individual. Sure if someone really wanted to they could watch you and wait until you're not home then turn your heat off and freeze your pipes. But they're not gonna do that, probably. Instead the kind of havoc they'll wreak with this access is to wait until some off-peak time and instantaneously fire up all the AC units and shut them down simultaneously, repeatedly, causing a huge demand spike. If supply doesn't ramp up fast enough then frequency will drop and then the grid will start trimming off branches to self-correct (or something like that? I'm not a power grid expert someone correct me) and you basically have chaos.
So you don't need to get individuals to care about it, and there's some argument to be made that they shouldn't, or at least shouldn't have to. But the power company damn well should, and governments damn well should.
I already have homeassistant configured for that. Why would I want a shitty vendor-provided version of it in the cloud?
In that case you would just simply not buy their box and hook up the device to yours. That's the beauty of open interfaces.
I think it's about being a configuration management nightmare. If every device has a unique password, you need the decoder ring for serial number to password. However, not all processors have unique IDs. So you either need to find a way to reliably serialize each board during manufacturing and hope it stays (like a sticker/laser/printer/etc) or add a serial number chip which is cost and complexity. It's not impossible, it's just extra work that usually goes unrewarded.
I'm a long way from embedded development. But I was under the impression a lot of microcontrollers these days have some ID capability built in, even some relatively low-end ones. This strikes me more as laziness than anything.
This is true, for example many stm32 series have a 96 bit unique id which is derived from the lot number, wafer id and position [1]. Even the low cost stm32g0b1 series I am using has them, but they are missing from some older series.
[1] https://community.st.com/t5/stm32-mcus/how-to-obtain-and-use...
Moreover, on any device that is connected to Internet you already have a unique MAC address on its Ethernet or WiFi interface.
You can hash this unique MAC address, together with other data that may be shared with the other devices of the same kind, to generate unique keys or other kinds of credentials.
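The per-device credential idea raised in the comments above (a chip UID such as the 96-bit STM32 one, or a MAC address, as the unique input) can be made concrete with a key-derivation scheme. The following is an added example, not from the thread or any vendor: it assumes a factory master secret that only provisioning and the backend hold (a stronger input than shared non-secret data alone), derives each unit's key with HKDF (RFC 5869, implemented here on the standard library), and shows the backend authenticating units individually. The master secret, UIDs and telemetry are constructed placeholders.

```python
"""
Added example: per-device key derivation from a factory master secret and a
device-unique id, and backend verification that recomputes the key from the
claimed UID. A key copied out of one unit does not authenticate as another.
All secrets and ids here are constructed placeholders.
"""
import hashlib
import hmac
import json

HASH = hashlib.sha256


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Extract then HKDF-Expand, HMAC-SHA256."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_key(master: bytes, product: str, uid: bytes) -> bytes:
    """Per-unit key. The factory writes this into the device once; the device
    never holds `master`, so extracting one unit yields only its own key."""
    return hkdf(master, salt=product.encode(), info=b"device-auth-v1|" + uid)


def sign(key: bytes, uid: bytes, msg: dict) -> dict:
    """Device side: HMAC over its own UID plus a canonical JSON body."""
    body = json.dumps(msg, sort_keys=True).encode()
    tag = hmac.new(key, uid + body, HASH).hexdigest()
    return {"uid": uid.hex(), "body": body.decode(), "tag": tag}


def backend_verify(master: bytes, product: str, env: dict) -> bool:
    """Backend side: re-derive the key for the claimed UID and compare tags in
    constant time. No per-device secret table is needed, only `master`."""
    uid = bytes.fromhex(env["uid"])
    key = device_key(master, product, uid)
    expected = hmac.new(key, uid + env["body"].encode(), HASH).hexdigest()
    return hmac.compare_digest(expected, env["tag"])


# Placeholder master secret; a real factory keeps this in an HSM, never on devices.
MASTER = bytes.fromhex("0f" * 32)
PRODUCT = "robovac-x1"
UID_A = bytes.fromhex("001122334455667788990011")   # constructed 96-bit UID
UID_B = bytes.fromhex("aabbccddeeff001122334455")   # constructed 96-bit UID


def demo() -> dict:
    """Returns the properties a reviewer would want to see hold."""
    key_a = device_key(MASTER, PRODUCT, UID_A)
    key_b = device_key(MASTER, PRODUCT, UID_B)
    genuine = sign(key_a, UID_A, {"state": "docked", "battery": 87})
    # Attacker who dumped key_a from unit A claims to be unit B.
    impersonation = sign(key_a, UID_B, {"state": "docked", "battery": 87})
    # Genuine message with the body altered in transit.
    tampered = dict(genuine, body=genuine["body"].replace("87", "12"))
    return {
        "keys_differ": key_a != key_b,
        "genuine_ok": backend_verify(MASTER, PRODUCT, genuine),
        "impersonation_ok": backend_verify(MASTER, PRODUCT, impersonation),
        "tampered_ok": backend_verify(MASTER, PRODUCT, tampered),
    }


if __name__ == "__main__":
    print(demo())
```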
Surprisingly it's not everywhere. I'm very much in embedded development and cannot count the number of times I look for "unique" "id" etc in a reference manual and come up short. It's certainly more common than not, but you often have to design systems for the lowest common denominator.
> It's not impossible, it's just extra work that usually goes unrewarded.
That sounds like profit motivated negligence, and it sounds like a standard justification for why Europe is going to hold companies liable.
It is indeed. And that sucks but that's what it is. Product design is about calculated risks and trades. It's a good thing regulators are here to help because companies won't do it on their own and the general public doesn't care enough.
We will all owe the EU a massive debt of gratitude. Hopefully USB C was just the tip of the iceberg.
I have no knowledge of this kind of software dev/hw production, so can you please explain why the units can't just be born with a default pass and then have the setup process (which is always there) force the owner to set a new password?
Knowledge or not, this...
> It's not impossible, it's just extra work that usually goes unrewarded.
...is just not an acceptable way for a business to think and operate in 2026, especially not when it comes to internet-connected, video-enabled devices.
I'll answer your question with a question: how often do you see people complaining about needing setup processes vs the old way of just plug and play? There's no perfect answer that placates all sides. Things can certainly be better, but when those people win and you no longer need to have a setup process, then what?
While true that in $current_year it would be nice if things were more secure, the sad truth is that most people don't care.
I agree that yes, most just want PnP and basically don't care about security. But it seemed from the posts above that there was engineering complexity, and a robot vacuum needs local WiFi, so there will be a setup flow. What's preventing password selection from just being part of that?
> a robot vacuum needs local WiFi
No, it doesn't. Unless it's supposed to spy on you (or "harvest training data") there's no reason it needs to phone home at all (c.f. Roombas).
Well it needs to talk to either a web frontend (internet) or app (bluetooth or wifi). If you're worried about it spying, well, the app could always relay data for it.
Anyway regardless of wifi, bluetooth, or something else there will be a setup process.
I am shocked, really. I think this is actual law in China.
This is just people working 24/7 for 50 dollars a month? Because we want cheap shit
As part of my thesis work almost 10 years ago I worked on a robot vacuum cleaner (working on their sensor data), and one smart hardware implementation they had was that they had separated the computer vision module from the main board.
This way, only processed vision data would be physically sent to the main board. This consisted mostly of just "line segments", almost like a sparse point cloud, to detect obstacles and edges. They argued that this was more privacy safe because there's no way for the main module to access any raw vision data. It did however make the SLAM part harder to make work.
In hindsight, a good decision. I got one as a thank you for the thesis work and it's still running just fine (with battery and brushes replaced once) and it's good to know that with the years of software updates it still can't watch me walking around in underwear in my apartment.
I'm obviously wondering which company this is but understand the anonymity. I have a LIDAR vacuum to avoid cameras and from connecting to its debug socket could see the point cloud enough to know that it was very granular.
Which brand did you get? I’ve always been hesitant to get one, I’d like one that I could reduce the amount of data sent out to the cloud
Internet connections on devices are an anti feature to me. I need something to work reliably without internet. And then maybe add some extras through internet access through open and secure protocols, so I can always write my own implementation.
The dishwasher at my office has WiFi.
Why do companies insist on connecting every single device to the internet? Fortunately it's mostly an optional feature, so still works just fine without it, but in general it's a pretty strong signal to me to not buy that product.
In addition to collecting and selling every scrap of you your private data they can get their hands on, having 24 hour access to the internet also means that at any time they can push updates that disable features you paid for so that they can start charging you a monthly fee to regain access to them.
Any CEO whose company engages in spying and theft should be criminally charged and thrown behind bars just as you or I would be for those same acts, but right now companies can do pretty much anything they want to you and if they do happen to face any consequence it'll just be a slap on the wrist that costs them a fraction of the profit they made ripping you off and violating your privacy.
> The dishwasher at my office has WiFi.
At one of the AWS builds I worked at there was a water dispenser. It had one button to dispense cold still water, one for fizzy, one for hot water, etc.
Instead of JUST PRESSING THE BUTTON WITH YOUR FINGER, you could—and I am not making this up—download an app that would allow you to pair to the dispenser via a QR code, and then remotely trigger the water-dispensing action… so that you wouldn't have to press the button.
Absolutely insane.
Yeah, I imagine that this feature was dreamed up during the early part of the COVID pandemic where it was hypothesized that COVID spread on high-touch surfaces. Still doesn't make it any less insane. (And also, that theory was pretty clearly highly sus from the start.)
I thought this was pretty much a known fact by now. To make more money. They sell the data, or monetize it somehow. They disguise doing it under all kinds of "features" which indeed might be useful for some people. What should ring your alarm bells is any device that needs you to make an account, at least once when setting it up. That's valuable data, who/where/email/phone number etc. If you cannot fully use the product without at least one initial access to the internet, your data will be monetized, that's the reason you're not able to use it, they need to get something out of you. Of course there are features that don't work, or make any sense, without internet access. But if you cannot wash your clothes without an account/initial access to the internet...that's sus.
It's cheap to do, some people like it and it can be sold to them as a premium feature, and it enables future enshittification with subscriptions and other revenue opportunities.
Ignore the security issues for a bit, because most buyers don't know/think about those. If it wasn't for the enshittification, having your dishwasher online would be useful. Not groundbreaking, but being able to look up how long it still has without having to walk to the kitchen, get a notification when it's done, be able to look up error codes or check the status of consumables would be kind of nice if it weren't for the downsides that come with it. But those downsides are not something people think about.
At what point do these security flaws come with a criminal level of negligence? This isn't intended to be an inflammatory or angry comment. It is a genuine question.
If one's goal was to force companies to implement better security for their products, it would probably be more efficient to cause maximum reputational damage to the companies, instead of just "responsibly disclosing" vulnerabilities.
It would temporarily suck for consumers, having their devices exploited and their privacy abused, but it would lead to wider awareness of the problem, shaming of the companies, financial and legal pressure, and hopefully change things in the long run.
Disclaimer: This is not a call to action to do illegal things. Your decisions are your own.
Anyone who's somewhat technically inclined should, in my opinion, only be buying Valetudo [0] compatible vacuums and replacing the default software as soon as possible.
I found the “Why Not Valetudo” page on that site extremely persuasive. I would consider myself technically inclined. I also own a robot vacuum so I can spend more time doing important things that leverage my skills. Valetudo does not serve this mission.
Very impressive, but I disagree that this is the clear best choice for anywhere close to anyone.
For anyone else wondering, "Why Not Valetudo" <https://valetudo.cloud/pages/general/why-not-valetudo.html> lists:
- all the same downsides as keeping the stock OS would have ("it's opinionated software", "it's not about you", and the last one "it's not a community" basically means "you can't tell me how to change my software and be confident I'll do it")
- that this fan project is not necessarily as polished as the original software (as I would have expected)
- Only supported robots are supported (as the author themselves say: duh)
- it only works in english
- you can't revert to stock software if you don't like it
For me, the latter is the only thing worth mentioning. You made me curious what all these compelling downsides are but the rest is obvious and the latter isn't surprising / I would have known to check beforehand
How did you come to the conclusion that it's not likely the right choice for nearly anyone? Do you think so many people wouldn't understand enough English to operate the controls of a robot vacuum cleaner? Have you found features to be missing or clunky/fragile enough that people would frequently want to revert to stock? Do you think people care so much about it being community-driven FOSS that they'd rather keep the proprietary OS instead of open source that isn't community-driven?
Btw I have no experience with the project whatsoever and am not involved, only interested in trying it out once we need a new vacuum. I just came to a very different conclusion and am quite surprised by yours
There is also the "No multi-floor/multi-map support" point. Apparently it is treated less seriously than others there, and omitted here, but seemed particularly unfortunate to me: having per-floor dry cleaning robots seems wasteful, while in that text it is assumed that they should be fully autonomous (no manual transfer of those between floors), and likely with large and frequently used docking stations for wet cleaning.
(FWIW, I do not use multi-floor robots myself, only using an old random-walking Roomba in a single-floor setting, but considering getting another robotic cleaner for a two-floor house, where it does seem reasonable to manually move it between floors, as I would move any other cleaning tools.)
This was the example that really drove home all the other points for me. Not only is Valetudo opinionated software, but you'll be accused of having "fictional budget concerns" for wanting a very reasonable feature.
I occasionally take my Roborock upstairs on weekends for a vacuum. Turns out it will also do a basic mop run with the water in the tank. Takes me 5 minutes of setup/tear down to get an extra floor for no extra cost. It would take me more time to babysit the extra base cleaning task of a second mop, so this saves me time and money.
To me, this demonstrates that Valetudo is intended to be a hobby pursuit of maximal automation/freedom at all costs, resulting in a system that has worse features and takes more work than the base software. I applaud the creator for being so clear in this mission to the point of explicitly encouraging me not to use it.
Also, the first line in "Why Valetudo?"
> First of all, please do not try to convince people to use Valetudo.
A good realist position for such a project to take.
That is very refreshing.
Many geek hobbies like 3D printing and home automation are becoming full of unnecessarily smug evangelization if you're not using hivemind approved software and tools, even if it requires a lot more work to do.
It's nice to see a project encourage their userbase to be realistic about what it is and refrain from trying to force it on everyone as the only acceptable way to use a robot vacuum.
> Many geek hobbies like 3D printing and home automation are becoming full of unnecessarily smug evangelization if you're not using hivemind approved software and tools, even if it requires a lot more work to do.
A mix between gatekeeping and tribalism. Reasonable people realize that others who want to enjoy a hobby do not have to do the hobby the same way as they do, or make the "right" choices.
The main value proposition is privacy and security. If you are content with the privacy and security of your existing vacuum, then yes, I'd agree it's not for you. That being said, your critique seems to imply that Valetudo will increase your overall time spent managing the vacuum, and this has not been my experience. There is the initial setup time which I'm sure varies by robot, but for me took (conservatively) an hour or two, and then I never think about it again, to the same degree that I would before. You still have schedules, etc. and all the same features that make a robot vacuum a time saving item.
I wonder if Claude could do a good job of setting this up for someone not technically inclined
Until it can disassemble a robot to attach a programmer to the mainboard, it cannot.
It can, it has meat buttons it can press or boss around.
For a brief, beautiful moment, one man came close to sucking more than any other person in human history.
About 10 years ago I was at a startup that used one of the upstart 401k providers of the time. Logged in one day and could see several of my coworkers’ accounts. Really bad class of bug. Still not clear to me how they could have screwed up account atomicity so poorly but assume it was something to do with how they managed orgs.
I was pretty mad about it but also tried to play ball and not make too much of a fuss because I learned some pretty private things without meaning to and didn’t want to inadvertently make them public. Should have been more vocal.
> didn’t want to inadvertently make them public
Screenshot, redact, mass email everyone. Problem solved. Financial institutions don't deserve any leeway with security issues when it comes to their reputation. Handling your money securely and privately is the totality of their reason for existence.
I tend to err on the side of discretion as well. It's more professional.
Though over the years, I've learned to calibrate that discretion proportional to how much of a good-faith effort the counterparty involved seems to be making. If they clearly don't give a shit that they're incompetent, they can expect my megaphone to blare.
Due to the wonders of technology, you can now do the equivalent of the Steven Wright joke:
“In my house there's this light switch that doesn't do anything. Every so often I would flick it on and off just to check. Yesterday, I got a call from a woman in Germany. She said, 'Cut it out.'”
At scale, over the Internet.
I once did something similar for car wash doors. There's a car wash door company out there that has a control panel accessible over VNC and uses the same defaults for every one they set up, so I used to connect to random ones and open and shut the car wash doors for the fun of it. The best part was when someone noticed and tried to shut it only for me to open it again, resulting in a battle where neither of us knew anything more than someone or something keeps undoing my actions
I have my Roomba programmed to start at 5pm every day. Multiple times now it's come to life at 7pm, gone straight to my bedroom, stayed for 5-10 minutes, then come back home to its dock and gone back to sleep. I have no idea what's going on.
Does it even vacuum while it's in there? From what you wrote, it sounds like it just comes in, sits menacingly at the side of your bed, and then leaves...
I was in the living room and didn't follow it into the bedroom. It didn't sound like it ever turned on the vacuum. It has a mapping mode (I assume) where it drives around and doesn't vacuum.
iRobot is now Chinese-owned.
Original story: https://www.theverge.com/tech/879088/dji-romo-hack-vulnerabi...
Accompanying discussion on hn https://news.ycombinator.com/item?id=47047808
Thank you, the guidelines are clear that the original source should be linked.
> In order for the Romo, or really any modern autonomous vacuum, to function it needs to constantly collect visual data from the building it is operating in.
I specifically bought one without a camera or mic.
My Eufy claims to do all processing locally. I admit I never verified this (e.g. turn off the wifi while it's running - I should actually). But they were the only Chinese manufacturer that at least bothered to write anything about data locality and privacy in their marketing materials, and that got them my money.
Obviously at any point the brand can send a firmware update down the wire that does send a realtime video feed from my home right to Chairman Xi's bedroom. I'm aware of that, but the reality also is that the European/US brands currently don't get anywhere near the Chinese price/quality ratio, and I didn't want to muck about with Valetudo, I'm not courageous enough for that.
I'm not super happy about this situation but I am super happy about the robot. It's really very good.
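The commenter above says they never checked the "all processing is local" claim. An added example, not from the thread or from any vendor, of one way to check it without trusting marketing copy: leave the vacuum on the network, have the home router log every new outbound connection (the lines below are a constructed sample in the Linux netfilter LOG target's syslog format; the format is real, the addresses, device IP 192.168.1.57 and LAN range 192.168.1.0/24 are assumptions), and tally every destination that is not the LAN itself or local discovery multicast. Anything left in the tally is traffic the "local only" device is sending off-premises.

```python
"""Added example: tally where a 'local-only' IoT device actually sends traffic.

Input is a constructed sample in the Linux netfilter LOG target's syslog format
(the format is real; the lines, addresses and device are made up for this post).
"""
import ipaddress
import re
from collections import Counter

# Netfilter LOG lines carry KEY=VALUE pairs; only these four matter here.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Destinations that are normal for a device with no cloud dependency.
LOCAL_NETS = [
    ipaddress.ip_network("192.168.1.0/24"),      # the home LAN (assumed)
    ipaddress.ip_network("224.0.0.0/4"),         # multicast: mDNS, SSDP discovery
    ipaddress.ip_network("255.255.255.255/32"),  # broadcast: DHCP
]

def parse_line(line):
    """Extract SRC/DST/PROTO/DPT from one log line, or None if it is not a LOG line."""
    fields = dict(FIELD_RE.findall(line))
    if not fields.keys() >= {"SRC", "DST", "PROTO"}:
        return None
    return fields

def is_local(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in LOCAL_NETS)

def external_egress(lines, device_ip):
    """Count new connections from device_ip to anything outside LOCAL_NETS,
    keyed by (destination, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f is None or f["SRC"] != device_ip:
            continue            # another host on the LAN, or not a firewall line
        if is_local(f["DST"]):
            continue            # DNS/NTP to the router, discovery multicast, etc.
        hits[(f["DST"], f["PROTO"], f.get("DPT", "-"))] += 1
    return hits

# Constructed sample: one vacuum (192.168.1.57) and one unrelated host (192.168.1.23).
SAMPLE_LOG = """\
Mar  3 19:02:11 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.57 DST=192.168.1.1 PROTO=UDP SPT=51234 DPT=53 LEN=64
Mar  3 19:02:11 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.57 DST=239.255.255.250 PROTO=UDP SPT=1900 DPT=1900 LEN=180
Mar  3 19:02:12 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=443 LEN=60
Mar  3 19:02:40 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.57 DST=203.0.113.10 PROTO=TCP SPT=40113 DPT=443 LEN=60
Mar  3 19:03:05 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=40114 DPT=8883 LEN=60
Mar  3 19:03:06 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.23 DST=198.51.100.99 PROTO=TCP SPT=55001 DPT=443 LEN=60
Mar  3 19:03:07 gw kernel: NEW_OUT IN=br-lan OUT=eth0 SRC=192.168.1.57 DST=192.168.1.1 PROTO=UDP SPT=123 DPT=123 LEN=76
"""

def report(lines=None, device_ip="192.168.1.57"):
    hits = external_egress((lines or SAMPLE_LOG).splitlines(), device_ip)
    for (dst, proto, dport), n in hits.most_common():
        print(f"{device_ip} -> {dst}:{dport}/{proto}  {n} new connection(s)")
    return hits

if __name__ == "__main__":
    report()
```

On the sample this leaves two destinations: HTTPS to 203.0.113.10 and port 8883 (MQTT over TLS) to 198.51.100.7, which is exactly the kind of always-on control channel the thread is complaining about. Two caveats: a quiet log over one cleaning run proves nothing about what the next firmware update does, so this is worth leaving running for days rather than minutes; and DNS to the router is treated as local here, so if you suspect exfiltration over DNS you need to log the queries at the resolver as well.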
Isn't Eufy the one that marketed fully local smart cameras that actually just streamed to the cloud unencrypted?
that said, this being 2023 and them being properly shamed might be why their site now says it's all local and TÜV certified (which i doubt means much, but still)? like outrage actually forced them to get their act together?
hahahaha srsly i feel like such a dork right now
> In order for the Romo, or really any modern autonomous vacuum, to function it needs to constantly collect visual data from the building it is operating in.
IMO the random bouncing of older Roombas was unfairly pilloried. Sure, it didn't look great, but in practice it was effective at cleaning.
Are there any like that that would have automatic emptying?
Roborock q revo
The Roborock is what I have, and I've had no complaints; the Q5 Max+. With some googly eyes, it's pretty cute :)
I've got a Q Revo Pro, which can dry the mops.
Happy with it but note that I don't have carpets, I guess for carpets you need something with more features.
The Q Revo series does have a camera and mic.
They don't, the camera equipped ones are the maxV series.
Q Revo has an IR sensor which doesn't transmit that data anywhere.
I had a Q Revo Edge that had a mic (it responded to "Hey Rocky" commands) and I could remotely view my house through the camera.
Are you thinking of the S8 line? That's the one with the MaxV model.
No, I'm thinking about the Q Revo line which does not have cameras as I mentioned.
Only some models
How do you know? For sure, I mean?
I wrapped mine in foil to be safe and now it's fabulous
I mean your coffee maker could be a one-off spy device with nation-state backing. But it seems unlikely.
If Google thought it was okay to hide a microphone, I'm sure less scrutinized companies try to get away with worse. https://www.bbc.com/news/technology-47303077
if they can build an internet connected coffee maker with mic and camera for 60 bucks that's freakin' amazing!
$17.60 for the internet connected microphone and camera (see parts list below),
list of coffee machines for under ($60-$18):
https://www.google.com/search?q=coffee+machine+under+%2442
m5stack camera: $7.10 https://shop.m5stack.com/products/unit-cam-wi-fi-camera-ov26...
m5 stack microphone: $3.50 https://shop.m5stack.com/products/pdm-microphone-unit-spm142...
m5stack atom light S3 controller: $7.50 https://shop.m5stack.com/products/atom-lite-esp32-developmen...
I'm pretty sure they'd be happy to swallow the loss when building a one-off device to specifically target you.
defeated by walking into a random shop and picking one off the shelf
rather than buying it from scamazon
Undefeated when they break into your home
at that point the coffee machine is sort of redundant
You could buy a wifi module, a basic camera and microphone for less than a few dollars
Would it include a cell radio and SIM card? Or are they hoping for an open WiFi network in range?
Radiate the signal out through its power cord, silly.
he did say he was trained at the kremlin...
phew, yet another reason it pays off to not be a coffee drinker.
:) I'm sticking with my Aeropress
I'm sitting here drinking an Aeropress-made coffee as I type this, but thinking about how the kettle I used to boil the water is wifi-connected. (Although the smarts are limited to firmware updates, there's no control of the kettle or useful data collected from the kettle.)
I understand why such a device might have firmware. For instance: The drip coffee maker in my kitchen also has firmware; it is used for things like operating the clock (which I've never set...), starting automatically at a pre-set time, and for turning the hot bits off after an hour or two. It's completely offline; these are just pre-programmed functions that will never change.
But I have some questions, if you've got a moment.
Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?
(And remember: Since the kettle has a radio and a network connection, data collection isn't necessarily limited to kettle operations. Deducing location is easy for a motivated party using wifi and/or bluetooth signals in populated areas where others are using wireless technologies; see, for example: https://www.qualcomm.com/internet-of-things/solutions/qualco... )
> Why does the kettle's firmware need updating? What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?
It's a Fellow EKG Pro kettle. They've got release notes here: https://help.fellowproducts.com/hc/en-us/articles/9593179929...
Notably, bug fixes to the same features that your drip coffee maker has (clock/scheduling stuff), and the addition of new languages to the UI.
> What inhibits a future firmware update from controlling the kettle and collecting data? How would you or any other owner of this style of kettle know if it had shifted gears?
I assume these are somewhat rhetorical questions where we both know the answers - I'm not harbouring illusions here - as with any internet-connected software you have to trust the vendor.
If it were up to me, I'd prefer a Z-Wave-connected kettle that received its firmware updates via Home Assistant... but fancy pour-over kettles are niche enough that a market for a Z-Wave one simply doesn't exist.
As-is, I've got enough trust in Fellow that I'm leaving my kettle connected for firmware updates. Of course, that may change.
That's a very nice-looking kettle. Having looked at it, I agree with you completely. It seems rather unlikely that it would turn into a manufacturer-supported attack vector.
We do have a different out-of-band/disconnected/not-wifi way of doing firmware things, and perhaps we should use it more than we do: Bluetooth. It's about as universal as it gets.
I mean: Imagine a Venn diagram, with two groups. One group represents people who update the firmware in their kettles. The other group represents people who have Bluetooth-capable pocket supercomputers.
The two groups overlap so neatly that the diagram is indistinguishable from a circle. :)
Oh yeah, that's a good point, Bluetooth would actually be a marketable product. Though my preference is not needing a mobile app, if they used Bluetooth and made it HomeKit compatible, then they could also push firmware updates over the Bluetooth connection from an Apple home hub.
A kettle needs firmware updates?
I'd say "has" firmware updates rather than "needs". You can see release notes: https://help.fellowproducts.com/hc/en-us/articles/9593179929...
A kettle needs firmware?
Some software features are actually quite nice on kettles! e.g. Mine has adjustable altitude calibration which simplifies things that are temperature-sensitive if you live somewhere with a boiling point notably below 100°: https://www.precisekettlepicks.blog/blog/buying-guides-by-us...
Not really, I'd be impressed if my moka could spy on me, at least after the first use.
Does your smartphone have a mic?
You've brought up such a brilliantly useless point to this discussion. I'm really appreciative of your efforts
Smartphones at least have some semblance of security, whereas iot devices are a free for all
Do they?
I'd like to think that they should have reasonable security with my best interests in mind, but I really have no way of investigating what the baseband is or is not doing.
“Accidentally” is not accurate. He used AI to inspect the source and found credentials that work in all devices. He also never gained control of anyone else’s devices. He never used the exploit.
I didn't read the article but based on the title and subheading I assume they say "accidentally" because he was trying to reverse engineer the communication protocol to use his own device and he did not expect to find something as dumb as master credentials that would work on others' devices.
"Accidentally" as in his intent was to gain control of his own device but instead discovered what would in a just world be considered criminal levels of either incompetence or indifference to the most basic levels of security in the entire product line.
I don't knowingly have any live cameras or microphones in my home other than my laptop and phone (I know those are big "buts", but still), and I plan to keep it that way.
I remind myself of this no matter how much convenience I may be missing out on. (Getting a TV without em is kinda hard!)
Planning in advance, same for any AR stuff, not in my life, I'm sticking to it.
I've just accepted that Microsoft, Google, and Meta all have a constant wiretap in my office (on account of my Windows PC, Android smartphone, and Meta VR headset).
It's rather dystopian to just know and accept this, but there's really no alternative if you want to participate in modern society at a normal capacity (sans the VR headset, that really isn't a necessity).
Something something, keep your enemies closer, right?
Unless you watch actual TV there's no reason to buy an actual TV in my opinion. You can get nicely large monitors and displays for pretty cheap, and a mini PC or even a stick PC and you're good to go.
Both of my 'TVs' are big monitors with some Lenovo mini PCs running Debian. Hardwired, but I could wifi them if I want.
Zero tracking, zero bullshit.
I have a Roomba. It has never been connected to wifi and I've never used a phone app for it (I don't have a phone)
It works perfectly.
a room a?
Sorry, autocorrect. Roomba
Companies this inept really need to get fined.
Like how many layers of people had to have OKed having the same password for all of them? It’s incompetence on an impressive scale.
Agreed, this sort of thing should at minimum be considered gross negligence at this point, but because regular consumers who buy these products rarely see and almost never understand these news articles it doesn't really impact sales so the company doesn't care.
If this discovery was guaranteed to result in meaningful fines companies would get their act together pretty quickly. 7000 counts of negligent exposure of private data (camera/mic feeds) should in a just world be millions of dollars in fines at the least and arguably criminal charges for management.
Exactly. If GDPR fines can be so high, then something like this that is pretty much intentionally leaking personal data should be in the same ballpark.
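The two failures described in this thread, one password shared by every unit in the product line, and the 401k portal where one login could read coworkers' accounts, are the same bug: the server authenticates the caller but never checks that the caller is allowed to touch the object it names. Below is an added example (constructed for this thread, not code from DJI, the 401k provider or anyone in the article) contrasting the two designs in a toy device-cloud API. Device IDs, owners, feed strings and the "hardcoded-in-firmware" secret are all made up.

```python
"""Constructed example: a firmware-wide shared credential versus owner-bound tokens.

Nothing here is real vendor code; the registry, secret and feeds are invented.
"""
import hashlib
import hmac
import secrets

# Hypothetical device registry (constructed sample data).
DEVICES = {
    "vac-0001": {"owner": "alice", "feed": "camera frames from alice's kitchen"},
    "vac-0002": {"owner": "bob",   "feed": "camera frames from bob's hallway"},
    "vac-0003": {"owner": "carol", "feed": "camera frames from carol's office"},
}

class AuthError(Exception):
    pass

# --- Design A: one credential baked into every unit --------------------------
# Every robot, and every app that talks to the cloud, presents the same secret.
SHARED_FIRMWARE_SECRET = "hardcoded-in-firmware"   # constructed placeholder

def naive_get_feed(token: str, device_id: str) -> str:
    """Authenticates the caller but never authorizes the object.

    Passing this check only proves the caller owns *a* unit (or pulled the
    secret out of one firmware image), so any device_id can be requested.
    """
    if not hmac.compare_digest(token, SHARED_FIRMWARE_SECRET):
        raise AuthError("bad credential")
    return DEVICES[device_id]["feed"]

# --- Design B: per-owner tokens, and an ownership check on every object -------
SERVER_KEY = secrets.token_bytes(32)   # lives only on the server

def issue_token(owner: str) -> str:
    """Return an opaque token that names and authenticates one owner."""
    mac = hmac.new(SERVER_KEY, owner.encode(), hashlib.sha256).hexdigest()
    return f"{owner}.{mac}"

def verify_token(token: str) -> str:
    """Return the owner named by a token, or raise if it was not issued here."""
    owner, _, mac = token.partition(".")
    expected = hmac.new(SERVER_KEY, owner.encode(), hashlib.sha256).hexdigest()
    if not mac or not hmac.compare_digest(mac, expected):
        raise AuthError("bad token")
    return owner

def scoped_get_feed(token: str, device_id: str) -> str:
    """Authenticate, then authorize: the device must belong to this owner."""
    owner = verify_token(token)
    device = DEVICES.get(device_id)
    # Same error for "no such device" and "not yours", so a valid customer
    # cannot enumerate which IDs exist by watching the error change.
    if device is None or device["owner"] != owner:
        raise AuthError("device not found")
    return device["feed"]

def cross_tenant_reachable(get_feed, token: str, own_device: str) -> int:
    """How many *other* devices can one token pull a feed from?"""
    count = 0
    for dev in DEVICES:
        if dev == own_device:
            continue
        try:
            get_feed(token, dev)
            count += 1
        except AuthError:
            pass
    return count

if __name__ == "__main__":
    n = cross_tenant_reachable(naive_get_feed, SHARED_FIRMWARE_SECRET, "vac-0001")
    print(f"shared firmware secret reaches {n} other device(s)")
    n = cross_tenant_reachable(scoped_get_feed, issue_token("alice"), "vac-0001")
    print(f"alice's own token reaches {n} other device(s)")
```

The point of `cross_tenant_reachable` is that it is the check a product team can run against their own API before shipping: with the shared secret it returns "every other device in the fleet", with owner-bound tokens it returns zero. Issuing unique tokens alone is not enough; the ownership comparison in `scoped_get_feed` is what actually closes the hole, and it has to run on every object-level endpoint (feed, map, microphone, commands), not just the one that was reported.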
Just one underpaid dude.
I give up. Privacy's hopeless as none care. When so many are prepared to chuck privacy to the wind and connect a roving camera in their homes to an internet server that's not under their contol there's no hope. The few who do care are swamped by the numbers.
Anyway, what's all the fuss about (those affected couldn't give a damn about their privacy)?
The robot in question is the DJI Romo, an autonomous home vacuum that first launched in China last year and is currently expanding to other countries. It retails for around $2,000 and is roughly the size of a large terrier or a small fridge when docked at its base station.
Unfortunately it doesn't fly.... although if it did, that would've made this even scarier.
Consumers are not voting with their wallets, they do not care. Surveillance for profit will be illegal. Time for the Internet Bill of Rights. Trust me, it's coming. tyfyattm
> [...] the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio [...]
Sorry what? Why would a vacuum cleaner even need a microphone?
Control by voice? Not that absurd.
Audio and video surveillance via robot vacuum is a feature: you can control the vacuum, see and hear the world from its perspective, and spy on your cats. I wish I were kidding.
Who is "you" in that sentence?
One.
control what?
"get out of my room"?
As an impractical idea, echo location popped into my head.
He could've cleaned up....
How long before there is a claw controlled network of robot/device spies and soldiers?
I bet he had the world's cleanest floor.
Surely this also requires reporting DJI to the authorities for gross negligence? This is not an oopsie, this is deploying a surveillance network without telling anyone.
It is gross negligence, but to which authorities are you reporting them to and which criminal violations are you claiming they broke?
Every single one relevant to where you live? If you're in the US, the US. "Good fucking luck and lol" and all that, but do it anyway. In the EU? Your country has agencies for this, as does the EU as a whole. Perform your civic duties, they still count in the EU.
Somewhere else? I don't know man, the author sure seems to live in either of those two regions.
You know where to report things if you live on Earth and use the internet.
This is a DJI company? Ouch. [edit] ah it is right in the title of the og article. Wow. Just wow. In China we just use a broom, so maybe it is an oversight (aka no one uses this overpriced crap)
I invoke Hanlon's Razor [0]. Never attribute to malice that which is adequately explained by stupidity
I reject this razor on the basis that the author is more than clearly not stupid.
Well - imagine how many cat furs can be vacuumed with this!
China simply isn't interested in or understands privacy at the moment. I have some experience with cross border relations with them and getting them to sign and then care about data processing agreements we need for gdpr is something for sure...
My understanding is that there is no malice or incompetence, it's usually just "who cares"
Chinese engineers are knowingly surveilled by the state with no recourse. Commercial offerings of all shapes and sizes have cameras and microphones. It's just new tech.
In the US, Five Eyes, and abroad, there is at least some ceremony around calling this bad even though a similar apparatus is installed. (Supposedly with "checks and balances", but who knows?)
People in Western countries almost unanimously find corporate spying creepy. (Though ad tech has snuck in via convenience and invisibility.) We find cameras a hard line.
The TikTok and Twitch generation has different attitudes about always-on cameras, though.
Please don't edit the title
One advantage of AI-generated copy is it generally doesn't make mistakes like this.
The only mistake I've noticed, besides inexplicably lapsing into Chinese mid-sentence, is parallel construction errors, like "This product is fast, lightweight, and won't break the bank!"
> parallel construction errors, like "This product is fast, lightweight, and won't break the bank!"
I'm failing to see the error. That seems like perfectly sound, vernacular English.
The first two of the three are adjectives, each connected to the subject by the one "is," and the third is a verb phrase not using the "is." Ideally they'd be all adjectives using the "is," or all phrases supplying their own verbs.
Not the worst error in the world, but it stands out in LLM text that is otherwise remarkably nit-free.
But is it even an error? You are parsing it as a single list, but it could just as well be parsed as "subj ((is {a,b}) and vp-predicate)".
I guess you could argue that the first list needs an "and"? That's fair I suppose.
(We have descended into one of the deeper circles of grammar hell. I will remind you that you're free to leave at any time.)
Yes, exactly. English grammar actually doesn't require the "and" to end a list (leaving it out is called "asyndeton" if you're curious). A good example is Lincoln's Gettysburg Address: "... and that government of the people, by the people, for the people, shall not perish from the earth."
So after all this, there actually is a way to analyze the example that is strictly valid. But most people would look askance at the standalone sentence "This product is fast, lightweight." That is, I suppose, unless someone like Abraham Lincoln worked it into his next speech.
Well it only took until the 2nd paragraph, and the words "DJI’s remote cloud servers" for me to be forehead-slappingly disgusted again.
Obviously proper diligence wasn't followed with this product, and obviously this is going to be something we've all heard before, but why does a vacuum need to talk to a server at all?
And also, to go even further back, is there anything more leopards-ate-my-face than a compromised robo-vacuum? I have never understood the appeal of these things. Except as satire. Pushing a vacuum around takes minutes, once a month, all the more so when you live in a 3m x 3m box with 12 roommates, and is badly needed exercise for a lot of pathetic little nerd noodle-arms.
> Pushing a vacuum around takes minutes, once a month, all the more so when you live in a 3m x 3m box with 12 roommates
That's a lot of assumptions.
I budget an hour every couple of weeks to vacuum the entire house (kitchen more frequently, but that's quick). When we had pets, which we'll probably have again in the future, this had to be done weekly.
I get the frustration, but this is how pretty much all of the connected home devices on the market work. Sure, there are local-only versions of many of these things, but that sort of design is in the minority both in number of products and in sales.
And it makes sense: most people want this stuff to just work, and be accessible when they aren't at home on their WiFi network. The only reasonable way to do that these days is to have a central server that both the devices and the control apps connect to. Very few users (and yes I am one of them) are going to set up a local control server and figure out how to securely set up remote access to it.
It's a crappy situation that leads to security incidents like this one, but that's just where we are right now.
Regarding cleaning frequency: no need to repeat what the sibling commenter said, but I will say I suspect your cleaning needs are much lower than those of the average person.
>once a month
We vacuum and mop our kitchen and dining room daily. It gets dirty, especially when you have young kids.
> Pushing a vacuum around takes minutes, once a month,
Wait, you vacuum your living space *once a month*? If that is indeed the case, I am not surprised you do not get the appeal. But everybody I know personally has a different understanding of cleanliness. We vacuum once a week at least and the frequency only goes up if you have kids and/or pets.
> and is badly needed exercise for a lot of pathetic little nerd noodle-arms.
I get the implication, hahaha. But in all seriousness, our Robot vacuum was the only tech purchase that I ever made based on an explicit wish of my girlfriend.
These things really make life easier for lots and lots of people.
Paying almost a thousand - or more! - to have an overcomplicated device filled with sensors put into your most private sphere, vulnerable to adverse elements unnecessarily (had a perfect dumb robot vacuum doing its job loaned to us once, but no-one sells such when they can sell bullshit for 4 times more, idiots buy it regardless), that is not smart....
Consumidiotism is the term that comes to mind. Eating up crap is the analogy from non-technical contexts. The side effect is that buying properly made, not overcomplicated and tedious to maintain (update, refresh, pair, diagnose, update and configure connected hardware, click away pushy self-promotions, the way it is not exposing you to the manufacturer or everyone) products is tedious (losing saved efforts). Poor others who just want simple and robust tech doing the core thing, not fragile and risky tech-crap, are left out.
(Robotic vacuum is a great concept! The available implementations on the other hand are rubbish!)
This should be a supervillain origin story.
My first thought after reading the title was the "Silicon Valley" series (2014) and the episode with Gilfoyle taking control of smart fridges ;) Sorry. A bit off topic, but I had to mention it ;)
His code sucks...
Tough crowd. Even the robots got the suction reference.
Well some robots like these are on the cutting edge of autonomous sucking.
Terrible writing in the article.
>It retails for around $2,000 and is roughly the size of a large terrier or a small fridge when docked at its base station.
So, large terriers, and small [presumably 'smart'] fridges can have docking stations?
Accidentally a god, a sucky kinda god, but a god nonetheless: "I command thee to make vanish the minor sins of this world, my minions"