from the smart-tech-is-dumb-tech dept
We’ve long established that modern “smart” devices aren’t always all that smart.
Whether it’s “smart” door locks that are easily hacked to gain entry, “smart” refrigerators that leak your Gmail credentials, or “smart” vehicles that sell data to insurance companies without your permission, the act of modernizing something with internet access and a CPU isn’t always a step forward.
The latest case in point: one owner of the $300 iLife A11 smart vacuum realized that the device wasn’t just cleaning his home, it was creating a map of his entire living space, and then openly broadcasting it to its parent company via the internet:
“I’m a bit paranoid — the good kind of paranoid,” he wrote. “So, I decided to monitor its network traffic, as I would with any so-called smart device.” Within minutes, he discovered a “steady stream” of data being sent to servers “halfway across the world.”
“My robot vacuum was constantly communicating with its manufacturer, transmitting logs and telemetry that I had never consented to share,” Narayanan wrote. “That’s when I made my first mistake: I decided to stop it.”
When he prevented the device from sending data back to the corporate mothership, the device refused to boot up. After several efforts to get it “repaired,” the device fell out of warranty and he was left with a $300 paperweight. At that point, he dug a bit more deeply into the device, and found it was using Google Cartographer to create 3D maps of his home that were being transmitted back to its parent company.
Like most data collection of this type (in a country with no modern privacy laws or functioning privacy regulators), the vacuum maker wasn’t informing customers of this data collection and transmission. Digging through the vacuum’s code, he says he found specific instructions to stop the vacuum from working if the data collection ceased:
“In addition, Narayanan says he uncovered a suspicious line of code broadcasted from the company to the vacuum, timestamped to the exact moment it stopped working. “Someone — or something — had remotely issued a kill command,” he wrote.
“I reversed the script change and rebooted the device,” he wrote. “It came back to life instantly. They hadn’t merely incorporated a remote control feature. They had used it to permanently disable my device.”
This is just a vacuum. The same thing is happening with far more important devices, like your phone and vehicle. And again, we live in a country with a President (and corrupt court system) who is making it impossible to hold companies accountable for any of it.
Either by blocking regulatory oversight “legally” (see attempts to fine AT&T for location data collection), or by basically lobotomizing agencies like the FTC and FCC. U.S. privacy enforcement was already a sad joke; now it’s basically nonexistent. Surely that won’t be a problem longer term, right?
Filed Under: 3d mapping, privacy, security, smart home, smart vacuum, surveillance
