Slashdot Mirror
Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over? (jvn.jp)
Slashdot reader AmiMoJo reports: Sharp's COCOROBO (heart-bot) vacuum cleaners can not just clean your house. They have cameras that can be viewed from a smart phone, and automatically take pictures of things they find under your sofa. They have microphones and voice recognition, and are able to ask how your day was when you get home from work. You can even activate their speakers and talk to your pets from the office. Unfortunately, so can anyone else if you don't install critical firmware updates.
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
How about checking under the sofa cushions? Maybe it would be able to earn a wage.
#DeleteFacebook
Impersonating owner: "COCO, vacuum house."
Hehehehehehe, that'll fix them!
n/t
Escher was the first MC and Giger invented the HR department.
My vacuum has been hacked and now it just chases the cat? Why does my vacuum like pussy so much? Really? Who gives a shit if they hack yer vacuum cleaner?
If Roomba made a self-emptying model, I'd be all over that like nobody's business.
File under 'M' for 'Manic ranting'
A vulnerability has been discovered that leaves the general public vulnerable to eavesdropping attacks! Owners of CDG devices are subject to attacks from random strangers who are in the same home. By simply placing one end of the device against a wall and placing the ear against the other side your private communications may be leaked! These CDGs, also referred to as "common drinking glasses", or sometimes just "glasses" are a serious security flaw. There is NO Firmware update planned. If you have CDGs in your home you should bring them to the landfill immediately or risk suffering the consequences!
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
I don't want a vacuum cleaner connected to the Internet, nor do I want a vacuum cleaner asking me how my fucking day was.
In just about every story headline looking for clicks/views by asking a shocking question, the answer is almost always "no".
When it comes to little network devices that populate your house and connect to the Internet it is pretty much only a matter of "when" and not "if" when it comes to being able to hack into the devices and take over control.
So when asked "Is [latest IoT device] vulnerable to remote take-over?" the answer is most certainly "YES".
Unfortunately, so can anyone else if you don't install critical firmware updates.
Seriously, it's not that hard to vacuum/sweep your floors.
It must have been something you assimilated. . . .
there is a product that is vulnerable under certain conditions, but a patch is available.
Where is the story?
Yeah they should compress the waste into a little ball and eject it into the trash.
http://d3d71ba2asa5oz.cloudfro...
#DeleteFacebook
It wouldn't need to go so far. Simply having a facility to self-empty, and dispose of its canister contents in a larger bin at the charger's base-station when it's full before going and resuming vacuuming where it left off would be more than adequate.
File under 'M' for 'Manic ranting'
If Roomba made a self-emptying model, I'd be all over that like nobody's business.
Damn. How filthy is your house?
I had three Newfoundlands at one time and my two Roombas worked fine, as long as I ran them every day or two.
Run your Roomba more than once every two years.
I've had a few different robot vacuums over the years. They don't replace vacuuming entirely, but they do reduce the workload a lot.
If you run them regularly then the small bin size isn't a problem, as there isn't that much to pick up. They can't get in every corner but remove the majority of new dust and debris coming into the house. You can then touch up after it every now and then with a powerful hand held manual vacuum every now and then.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
But but but! There's money left on the table! If the manufacturer can remotely map your house and slurp that data up they can monetise it somehow! Won't somebody please think of their profit margins >.
This is "The Hacker and The Ants" territory...
They are vacuum cleaners. They do not need MICROPHONES. If you can't bother to control it via an App, then connect up Amazon's Alexis and let Alexis convert your voice into vacuum cleaner commands.
Same thing for cameras. What moron thinks that letting your vaccuum cleaner take pictures in your home is a good idea>
As for me, I don't trust Amazon with a mike in my home, let alone some random vacuum company maker.
excitingthingstodo.blogspot.com
First world problems abound. What's it going to do, give you a nasty suck?
In actual fact,what the fsck do you want a robotic Hoover for anyway? Like most of these autonomous things, they never work properly and, once the "Ah, lookit going across the floor traumatising the poor dog again" novelty wears off, you're left however much money you paid and several IQ points the poorer.
Tish, pshaw and, indeed, codswallop. Also, your dog now hates you and anyone who looks like you. Aren't you proud?
Resistance is futile. Reactance buggers it up.
The greatest danger I can see is a tech savvy burglar using the device to see if the house is occupied. One could do the same thing with a "smart" water meter. If someone can determine that no one is home, they can break in and take all the time they want. This may or may not be possible, but you can't really limit yourself when thinking about how technology can be misused.
It's not really filthy... there are just multiple pets here that shed. A lot. With a regular vacuum, which is going to generally do a better job than a robot vacuum anyways, we already have to vacuum every two or three days or it gets crazy, Robot vacuum canisters are very tiny, and there are a couple of rooms in our house where a robot vacuum might only just be barely able to finish that one room before its canister needed to be emptied. Multiple vacuums would solve the problem, but that would just double or triple the price.
Is it really so much to ask for a robot vacuum that can empty its own canister when its full into a larger bin a base station before resuming the task for which it was programmed?
File under 'M' for 'Manic ranting'
We already vacuum every two or three days as it is to keep up with the fur and hair that our pets leave everywhere. While a robot vacuum could be programmed to run every day, I think it's unlikely a single robot vacuum could manage even one day without having an issue because of the small bin size. 2 or 3 robot vacuums would probably do the trick, but then that's 2 or 3 times the price as well... and even a single robot vacuum is going to already be much more than what you would pay for a regular vacuum.
File under 'M' for 'Manic ranting'
Unfortunately, so can anyone else if you don't install critical firmware updates.
Seriously, it's not that hard to vacuum/sweep your floors.
Sadly, in 15 years we will probably be saying that about underwear.
The thread does beg the question, if a vacuum is easily set on fire remotely, does that mean that the vacuum really sucks? If so, although an average end-user would want a vacuum that really sucks, would they want a vacuum that sucks in this thread's context? Also, does the vacuum catching fire from indirect unapproved interfacing to it mean that the manufacturer will cast the warranty to Void? If so, does this mean that the owner will need to return to manual garbage collection? Will people even realize the gravity of the issue, and if not will they be doomed to be stretched beyond limit and then left in the dark and crushed?
Now imagine that this CDG works from across the street through the WiFi.
Even the cheap 100 euro ones are actually not bad these days, especially if you restrict them to one or two rooms.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
anyone can impersonate you on your own LAN. How the hell is your router, or your printer, or whatever going to know it's you? That vacuum machine is no more or less safe than any other thing you hook up at home.
The vacuum asks, comes curiously close and raises its camera.
My vacuum and I shouldn't have trust issues.
Except it doesn't, because the WiFi is encrypted. I know, next you are going to say that people are breaking WPA2 left and right because it is super easy, and they will target one of these vacuums when they do because that is the most juicy target. Seriously, get a clue; learn about security landscapes.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Any IoT device that is connected to the internet will almost always start with no, they cannot be taken over. But when (not if) an exploit is discovered then it will be possible. It's like Moore's law.
Yes, and it's protected by a password. Often the dog's name or the home phone number. Or someone abuses WPS to gain access.
I guess you opted out of the opportunity to get a clue.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
No, it's just that I have a realistic view of the actual state of security in networks, including those set up by people reading a flip book and people who don't even do that much.
You seem to be ignorant of the known issues with WPS including common user errors.