An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.

  • spaghettiwestern@sh.itjust.worksOP

    My robot vac will only operate when connected to the Internet so it’s only allowed to communicate when actually in use. As soon as it returns to the charger Internet access is automatically blocked.

    Unfortunately the manufacturer has deliberately made this as inconvenient as possible. If communication is blocked for more than a few hours the vacuum loses all maps and will no longer even load saved maps from the Tuya app. To use it the vac must be powered down and the app killed. Only then can a saved map be restored.

    It’s too bad it’s so useful.

  • √𝛂𝛋𝛆@piefed.world

    Stalkerware is criminal digital slavery. It is sale and ownership of a part of a person to manipulate and exploit them.

    • DeckPacker@lemmy.world

      I think your comparison to slavery is a bit overblown and minimizes the tragedy of actual slavery. But I agree with the sentiment.

    • Tenderizer@aussie.zone

      He did. Where he said the article looked AI generated and so he wasn’t going to waste any time with it.

  • rowinxavier@lemmy.world

    I have just purchased a Dreame L10s Ultra and have had the PCB for a breakout board made and components for setting it up ordered. In a few days I should get the last bits and I will be able to root the device and have it connect to Valetudo managed through Home Assistant. Fully local operation with basically the same features but none of the privacy issues. As soon as I can get it connected I will be able to use it just like a robot I actually own should without some random third party being involved in every single operation.

    • illpillow@lemmy.ml

      The mentioning of Valetudo should be more at the top to make people aware of the existing alternatives.

      My aged Roborock S5 suddenly stopped working a year ago and only cleaned a very small segment making it effectively useless. Since I knew that data is exchanged with the manufacturer I suspected them to actively prevent the device from working properly to make me buy a new one. Thanks to Valetudo the device is working back again just fine. Meaning there never was a hardware (or software) failure, but a remote issue.

      • rowinxavier@lemmy.world

        This is why free software is so important. The company can just lie to you about their product and for some reason it isn’t illegal. I really want to have a dishwasher and washing machine with an ESP32 controller and free software to control it, ideally with Home Assistant integration, but at this point I can’t find anything.

    • wagesj45@fedia.io

      Just looked at the PCB board and man that guy is such an insufferable, gatekeeping twat.

      • rowinxavier@lemmy.world

        I can see why you would feel that way but I came to a different conclusion. I agree with much of what he says given his position and circumstances.

        The project is open source and anyone is welcome to fork it. He is not making something which will make money, provide a living, and secure his station as an open source guru. He is making something because he thinks it should exist and because he finds it interesting. He is not making something for end users, it isn’t for them, it is for people who have enough interest and knowledge to figure it out given the massive leg up he has provided already.

        This means he does not do a bunch of things that would pull beginner users in. For example, there is not a simple GUI installer for this. He doesn’t sell kits to root your device. He doesn’t sell little server boxes based on a raspberry pi. He doesn’t have an app for quick discovery and configuration. All of these things would entice beginners and therefore induce them to install unsupported firmware on their several hundred to over a thousand dollar robot vacuum.

        This would be hell. Each user with a new and unique way of not understanding the instructions would come up with new failures in an area where bricking your very expensive machine is easy. Can you imagine how much of a dick he would have to be to say “Nah, this is super easy, come give it a go” when the outcome would definitely be causing at least some people to lose hundreds of dollars in a few minutes? That would be him acting like a dick.

        What he is doing has a second function. I have just ordered my first custom PCB. I have some components on the way and will be doing my second major electronics project once the parts arrive. I am much more experienced on the software end of things so I get all of the basics around using a terminal etc but now I am learning about using the UART interface and while it is a little bit sink and swim I am at a level where I understand how far outside my knowledge base this is and can take a reasonably informed risk. I am learning and growing and I am actually really excited. If it doesn’t work I will know enough to be helped through by the community but my expectation is I will fail at first and maybe take a few weeks to figure it out. Because of that expectation I am not doing this after my last vacuum broke and now I just desperately need this to work, that would add so much stress, instead I am doing this in the least stressful and most enjoyable way possible.

        If I had been correctly scared off early I wouldn’t have lost a bunch of photos accidentally wiping a drive while installing Linux for the first time, so I would have used virtual machines for longer, but I also would have eventually gotten there. I got there by losing some data, but if I had a community around me it would have been better. He actively encourages community building and sharing knowledge. I think that is cool and would be an awesome outcome. I know I will be posting about my spare adapters once I am done making them to see if anyone else wants to learn how to do it.

  • psx_crab@lemmy.zip

    As useful as smart devices are, it’s very annoying that the companies behind them are always either: 1) scumbags that will collect data and will lock down the device if people don’t use it their way; 2) incompetent idiots that can’t make good software to save their lives. So by using these devices you basically have to pick the thing that you’re willing to lose.

    It’s really too bad because robovacs save me a lot of time and mental exhaustion.

    • mal3oon@lemmy.world

      For me the worst part is that someone developed the functionality to monitor and track, until the signal is lost, and if so, kill. It’s really crazy how daring this is.

  • Blackmist@feddit.uk

    Had a kill command actually been sent, or does the device just not work without a remote server talking to it every so often?

    Because the second one is probably worse from a “what if this company goes bust” standpoint.

    • cøre@leminal.space

      Man it’d be great if there was an answer to this. Maybe in an article somewhere. Guess we’ll never know.

      • sem@lemmy.blahaj.zone

        Not to fear! Here is the relevant part so the next person coming by doesn’t have to read the article:

        deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.

        So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn’t communicate with the manufacturer’s servers. Since he blocked the appliance’s data collection capabilities, its maker decided to just kill it altogether. “Someone—or something—had remotely issued a kill command,” says Harishankar. “Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”

        • 0x0@lemmy.zip

          it was bricked remotely because it couldn’t communicate with the manufacturer’s servers.

          That bit seems inaccurate… if it couldn’t communicate it wasn’t bricked remotely… it was more like digital seppuku.

          • sem@lemmy.blahaj.zone

            Earlier in the article he says that he only disabled some of the network connections but he left open the ones for firmware updates and stuff so to me it’s not impossible that it was able to receive remote commands although I would certainly want to see more technical details to satisfy my curiosity.

            The article says in words that it was a remote command. But again, we don’t have any details supporting that description. So maybe the journalist got it wrong.

            • 0x0@lemmy.zip

              I would certainly want to see more technical details

              Certainly. By default most home networks block incoming traffic but then again if he’s the tinkerer type his network will most likely not be default.

              • sem@lemmy.blahaj.zone

                This is something I’ve never understood about firewalls. If the vacuum cleaner is uploading and downloading stuff from https://somecorpo.net/, what stops it from listening for remote commands on that same connection?

              • Cort@lemmy.world

                Or the kill command could have been a response to a request made by the vacuum.

                Vacuum #2566247: checking in for firmware updates

                Server response: it’s been 3 months since we received any telemetry data from vacuum #2566247 – sending kill command
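
Added example, not part of the thread or the article: a small Python model of a stateful home firewall, showing why the channel sem asks about and Cort describes stays open when only the telemetry host is blocked. The addresses, ports and class names are constructed for illustration and say nothing about the A11's actual protocol.

```python
from dataclasses import dataclass, field

VACUUM = "192.168.1.50"            # constructed LAN address
OTA_SERVER = "203.0.113.10"        # constructed: update host left reachable
TELEMETRY_SERVER = "203.0.113.20"  # constructed: host the owner blocked


@dataclass
class StatefulFirewall:
    blocked_dst: set
    flows: set = field(default_factory=set)  # connection-tracking table

    def outbound(self, src, sport, dst, dport):
        """LAN to WAN: dropped if the destination is blocked, else tracked."""
        if dst in self.blocked_dst:
            return False
        self.flows.add((src, sport, dst, dport))
        return True

    def inbound(self, src, sport, dst, dport):
        """WAN to LAN: accepted only as the reply half of a tracked flow."""
        return (dst, dport, src, sport) in self.flows

    def command_capable_peers(self):
        """Every host the device may still poll can answer with instructions."""
        return sorted({dst for (_, _, dst, _) in self.flows})


def simulate():
    fw = StatefulFirewall(blocked_dst={TELEMETRY_SERVER})
    results = {}
    # 1. Telemetry upload: dropped by the owner's block rule.
    results["telemetry_upload"] = fw.outbound(VACUUM, 40000, TELEMETRY_SERVER, 443)
    # 2. Server tries to open a connection to the vacuum: no tracked flow, dropped.
    results["unsolicited_push"] = fw.inbound(OTA_SERVER, 443, VACUUM, 8888)
    # 3. Vacuum polls the update host: allowed, and the flow is now tracked.
    results["update_poll"] = fw.outbound(VACUUM, 40001, OTA_SERVER, 443)
    # 4. The reply on that same flow passes; the firewall does not inspect its
    #    body, so it can hold an update, a config change or any other command.
    results["poll_reply"] = fw.inbound(OTA_SERVER, 443, VACUUM, 40001)
    results["command_capable_peers"] = fw.command_capable_peers()
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The practical reading for a home network: any vendor host the device is still allowed to reach has to be treated as able to instruct it, so the reliable controls are full egress isolation or local firmware, not a partial block list.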

          • 5too@lemmy.world

            He left the channels for updates and the like open, he just blocked the outgoing telemetry calls from the device.

    • ඞmir@lemmy.ml

      Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.

  • ExLisper@lemmy.curiana.net

    I was thinking about getting one but I learned that they do require a lot of maintenance like cleaning the brushes and you have to change parts regularly. That sounds like more work than just sweeping from time to time. Also, a broom has a lower carbon footprint.

    • spaghettiwestern@sh.itjust.worksOP

      Ours has needed very little maintenance and has quickly become a necessity because it gets the floors much cleaner than we ever did. An unexpected consequence is that the whole house stays cleaner because we still spend some of the time and energy we were spending on sweeping on other cleaning tasks.

      As much as the thing irritates me you’d have to pry it from my cold, dead hands.

      • ExLisper@lemmy.curiana.net

        I guess it depends on your use case. I know people with pets love them because sweeping hair is a lot of work. Probably the same with kids. For us with no pets or kids there’s really not that much sweeping.

      • Vupware@lemmy.zip

        Yeah, ours mops the floor every other day too. It’s really a game changer, having shining floors all the time has benefited me in myriad ways!

        I also enjoy using the remote control feature to troll our cats while I’m at work.

        There are privacy concerns, (mine is a Dreame), but we are already so far from an ironclad privacy operation that I feel keeping my wife from the purchase would be needlessly cruel.

    • gergo@lemmy.world

      I bought one and was disappointed to realise that i still need to (manually!) tidy up the rooms (kids’ toys, cats’ toys etc) for it to have good effect. yes, i am not very smart.

  • percent@infosec.pub

    I wish companies would at least offer a “no data collecting/selling” price option. Like, how much would they make from selling my data? Just give me the option to pay that extra amount so I can buy a vacuum without thinking about how it’s spying on me.

    • deathbird@mander.xyz

      My concern is that they’ll include the equipment for spying on you, and just enable it later.

      I bought a Hue because it said “no online account required!” Later they changed their mind.

      I want the promise plus open standards and a base of libre software. I want them to tie themselves to the mast.

      • percent@infosec.pub

        Yeah, good point. Owners of Samsung “smart” refrigerators started seeing ads on them recently.

        I’m sure there was some sort of legal terms that users had to agree to to enable that, but it still feels like a scam. Some amount of those fridge owners would not have bought the fridge if they knew there would be ads on it at any point in time.

        • deathbird@mander.xyz

          I mean, if I felt I could control the little computer in a smart fridge without expending excessive effort to do so, I might be interested in getting one myself. Absent other concerns, a tablet integrated into my fridge could be handy to monitor the appliance, make quick or even automated grocery list updates, etc. Not earth shattering, but still marginally useful.

    • Smoogs@lemmy.world

      Do they not just have a cheaper version that could come without wifi or Bluetooth? I usually get that option where available for any products, because I’m a cheap ass.

      • FlashMobOfOne@lemmy.world

        There are older models you can get that work that way. They’re just less convenient in that you have to clean them out yourself. I had one for a long time, but I wanted one that is self-emptying.

  • notsure@fedia.io

    …when i ‘buy’ something, should i not own and be able to use it and all functions until the end of its mechanical processes?..