Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline


www.tomshardware.com/tech-industry/big-tech/man…

An engineer discovered that the manufacturer can remotely brick his smart vacuum for not collecting data.


It doesn’t appear that anything is being done about this. I imagine there are many more devices pulling similar shit (sending personal data they collect back to their data centers without consent)… It just bothers me that there doesn’t seem to be any pushback whatsoever in cases like this. Not that I need or use a robot vac but I’m sure this type of data collection is hardly limited to them.

Even worse still, if you don’t allow them this intrusive data, they remotely brick the device you own.

Corporate execs ought to go to prison for that.

There needs to be a law stating companies MUST notify you that “this product won’t work if data collection is disabled” on the outside of the box

Lol sure, “let them do whatever they want but it should be ILLEGAL not to write it on the box!”

No no, I absolutely agree that shit like this shouldn’t be allowed in the first place. But the issue is most people I’ve met genuinely do not care. They are okay with the amount of data being collected by their corporate overlords.

At the very least stating that a product won’t work if it isn’t connected to the internet allows consumers who do give a shit to know what type of product they’re dealing with.

It doesn’t appear that anything is being done about this.

Something has already been done about this: https://valetudo.cloud/

The “iLife” robot in the article is based on the 3irobotix CRL-200S, a “white label” unit that a bunch of brands sold as their own, up to and including Xiaomi, Viomi, Conga, Cecotec, Proscenic, and even Wyze. I have the Wyze version (the only one sold in the US), which will be getting Valetudo, but I kinda bricked it while attempting to root it. Luckily the motherboards are cheap, I picked up a “new” one for $15. Just waiting for it to show up.

It’s a tidal wave. It’s very hard to stop. The wave consists of about a trillion variables all pointing in the wrong direction.

Guys just help project valetudo and flash custom software on ur vacuum cleaner to make it autonomous and working under ur control.

https://valetudo.cloud/

iLife A11 smart vacuum

it had an AllWinner A33 SoC with a TinaLinux operating system, plus a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders.

Kill who? That’s my question.

Why didn’t he just use DNS spoofing?

“we didn’t do it because it was easy, but because we thought it would be easy”

And then we got angry because it didn’t work and worked on it until 3am.

I too, read art of war

Is it from there? I got it from r/programmerHumor (equally as distinguished imo /s)

Why do it the easy way, when you can do it the fun way?

To quote the inventor of the Steam Brick:

Because I was so preoccupied with whether or not I could that I didn’t stop to think if I should.

Hey, it was my turn for the repost!

Comments from other communities

Having someone use a remote kill command for an item you bought for reasons other than imminent threats to safety ought to be illegal. This shouldn’t be treated differently from a car salesman bricking your windshield after you drive off the lot.

In Germany there’s the “Computer sabotage” crime.

Is it still sabotage if the only thing they have sold is a license to use their product, not the product itself? That is still their property.

I’m no law expert, but as far as I know, there were already similar cases. Reasoning (German law): Software required to run the product is not “licensed to use” but part of the product, which was bought, belongs to the user and not the company. Remotely making the device unusable would indeed violate that term.

Hopefully, such terms would violate the above law and not hold up against it.

At least in EU the manufacturer can’t revoke licenses on sold physical products with no cause (can’t expire before EOL either) and can’t remove advertised functionality. If any feature is conditional or temporary it has to be disclosed before sale.

Yes. And no, it’s not their property.

The issue you’ll run into is that the data runs through their servers, and you agreed to let them kill it off. Should that be legal? I honestly don’t know. But they shouldn’t force you to use their servers to begin with, which would make the entire issue moot.

Conversely, instead of blocking the data transfer, have it send false data. Maybe a few drop table inserts.

I do this when a job makes me install productivity tracking software. Surprisingly easy to gin up fake screenshots and JSON of your activities and inject it into the program. All it does is upload the records from a user folder every X minutes

Spam them so hard they’ll blacklist your device

In case you have a robot vacuum and want to run it cloudless you can check Valetudo.

It’s been running my vacuum the last 4 years and I couldn’t find any downsides (There are several extra functions if you like to tinker around with home assistant and the likes)

If you have any doubts or need assistance with installing it, I would be happy to give you a hand :-)

Absolutely love Valetudo! I just got some stickers to put on mine.

Unfortunately this doesn’t support Roomba.

I am running my Roomba fully offline via HomeAssistant now. I can’t access the cleaning maps, but the rest works well (granted, all it could ever do is “start” and “return home” in the first place).

Funnily enough, the robot is continually panicking about the time now, it literally pings an NTP server every 10s (which is blocked by my router)

Fuck Roombas! I returned mine after 3 days due to several very painful knocks on my feet.
Those fuckers are feet killers!

You could just set up a dedicated VLAN without Internet access to prevent this. Right?

Maybe in some cases. My robot stores its smart map on the cloud, which means if you cut off the internet it loses a lot of features.

No, because that’s what he did

I never thought I’d ever have to say this, but are we so fundamentally lazy that using an acoustic vacuum is just being entirely unreasonable?

My god people. Loosen up your schedules.

acoustic vacuum

Not a native speaker, is this even a word?

Never heard it before. Maybe they’re trying to make a metaphor, like an acoustic guitar = basic, electric guitar = smart. Maybe mistranslation.

probably tongue in cheek. Like a “boneless” couch. It’s just a memory foam couch, but people call em boneless

Acoustic as in- unplugged.

Ah, I get ya. I was close!

It’s a joke. Like vacuum unplugged?

The thing is.. I like vacuuming my home when I’m away from home, and that’s a lot harder to do manually…

It’s such a game changer, it’s damn near mandatory for pet owners.

Frees up time to do other errands, barring your home isn’t a mess and you have to do it manually anyways.

If you’re opposed to modern conveniences, get a broom.

Brooms are technology too, they were just invented thousands of years ago. They need to just switch to dirt floors like God intended. Oh wait, floors are technology too.

Yeah, everyone has to choose what “modern” means to them I guess, but I think people who are happy to use smartphones and computers but draw the line at robot vacuums are kind of silly. There’s a difference between the original post’s (very reasonable) desire to have a disconnected robot vacuum that can’t collect data, and the further level of derision that seems to come up anytime anyone wants to use any kind of convenience or time-saving device.

I’m anti-cloud connected devices, too, but the right answer is getting one that’s local or disconnected. Guess they were too dumb to figure that out, and making fun of people who make the compromise on it maintained their ego.

Okay buddy. Cool story. Enjoy automation freeing up all that time to spend staring at a screen and smugly missing the point.

Reliance on automation will never end well. Just saying. This should have been expected.

Good luck on your journey to live a tech free, pre-industrial life. Sounds unpleasant.

And good luck to you on your journey to avoid the concept of nuanced discussion in every conversation you have.

Sounds pleasanter.
