Slashdot Mirror
Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over? (jvn.jp)
Slashdot reader AmiMoJo reports: Sharp's COCOROBO (heart-bot) vacuum cleaners can not just clean your house. They have cameras that can be viewed from a smart phone, and automatically take pictures of things they find under your sofa. They have microphones and voice recognition, and are able to ask how your day was when you get home from work. You can even activate their speakers and talk to your pets from the office. Unfortunately, so can anyone else if you don't install critical firmware updates.
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
How about checking under the sofa cushions? Maybe it would be able to earn a wage.
#DeleteFacebook
n/t
Escher was the first MC and Giger invented the HR department.
My vacuum was hacked and it caught fire.
If Roomba made a self-emptying model, I'd be all over that like nobody's business.
File under 'M' for 'Manic ranting'
A vulnerability has been discovered that leaves the general public vulnerable to eavesdropping attacks! Owners of CDG devices are subject to attacks from random strangers who are in the same home. By simply placing one end of the device against a wall and placing the ear against the other side your private communications may be leaked! These CDGs, also referred to as "common drinking glasses", or sometimes just "glasses" are a serious security flaw. There is NO Firmware update planned. If you have CDGs in your home you should bring them to the landfill immediately or risk suffering the consequences!
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
The HCF instruction implies "HALT" rather than "HACK," so, if executed, at least it would have stopped first.
I don't want a vacuum cleaner connected to the Internet, nor do I want a vacuum cleaner asking me how my fucking day was.
Unfortunately, so can anyone else if you don't install critical firmware updates.
Seriously, it's not that hard to vacuum/sweep your floors.
It must have been something you assimilated. . . .
http://d3d71ba2asa5oz.cloudfro...
#DeleteFacebook
It wouldn't need to go so far. Simply having a facility to self-empty, and dispose of its canister contents in a larger bin at the charger's base-station when it's full before going and resuming vacuuming where it left off would be more than adequate.
File under 'M' for 'Manic ranting'
I've had a few different robot vacuums over the years. They don't replace vacuuming entirely, but they do reduce the workload a lot.
If you run them regularly then the small bin size isn't a problem, as there isn't that much to pick up. They can't get in every corner but remove the majority of new dust and debris coming into the house. You can then touch up after it every now and then with a powerful hand held manual vacuum every now and then.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Vacuum on fire! Put it out!
Faster! Faster! Faster would be better!
They are vacuum cleaners. They do not need MICROPHONES. If you can't bother to control it via an App, then connect up Amazon's Alexis and let Alexis convert your voice into vacuum cleaner commands.
Same thing for cameras. What moron thinks that letting your vaccuum cleaner take pictures in your home is a good idea>
As for me, I don't trust Amazon with a mike in my home, let alone some random vacuum company maker.
excitingthingstodo.blogspot.com
The greatest danger I can see is a tech savvy burglar using the device to see if the house is occupied. One could do the same thing with a "smart" water meter. If someone can determine that no one is home, they can break in and take all the time they want. This may or may not be possible, but you can't really limit yourself when thinking about how technology can be misused.
It's not really filthy... there are just multiple pets here that shed. A lot. With a regular vacuum, which is going to generally do a better job than a robot vacuum anyways, we already have to vacuum every two or three days or it gets crazy, Robot vacuum canisters are very tiny, and there are a couple of rooms in our house where a robot vacuum might only just be barely able to finish that one room before its canister needed to be emptied. Multiple vacuums would solve the problem, but that would just double or triple the price.
Is it really so much to ask for a robot vacuum that can empty its own canister when its full into a larger bin a base station before resuming the task for which it was programmed?
File under 'M' for 'Manic ranting'
We already vacuum every two or three days as it is to keep up with the fur and hair that our pets leave everywhere. While a robot vacuum could be programmed to run every day, I think it's unlikely a single robot vacuum could manage even one day without having an issue because of the small bin size. 2 or 3 robot vacuums would probably do the trick, but then that's 2 or 3 times the price as well... and even a single robot vacuum is going to already be much more than what you would pay for a regular vacuum.
File under 'M' for 'Manic ranting'
Unfortunately, so can anyone else if you don't install critical firmware updates.
Seriously, it's not that hard to vacuum/sweep your floors.
Sadly, in 15 years we will probably be saying that about underwear.
The thread does beg the question, if a vacuum is easily set on fire remotely, does that mean that the vacuum really sucks? If so, although an average end-user would want a vacuum that really sucks, would they want a vacuum that sucks in this thread's context? Also, does the vacuum catching fire from indirect unapproved interfacing to it mean that the manufacturer will cast the warranty to Void? If so, does this mean that the owner will need to return to manual garbage collection? Will people even realize the gravity of the issue, and if not will they be doomed to be stretched beyond limit and then left in the dark and crushed?
Because it has a CAMERA and can be driven around the house through the smart phone interface. If it gets hacked, the bad guy gets a mobile spy cam in your house.
Now imagine that this CDG works from across the street through the WiFi.
Even the cheap 100 euro ones are actually not bad these days, especially if you restrict them to one or two rooms.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
My vacuum and I shouldn't have trust issues.
Except it doesn't, because the WiFi is encrypted. I know, next you are going to say that people are breaking WPA2 left and right because it is super easy, and they will target one of these vacuums when they do because that is the most juicy target. Seriously, get a clue; learn about security landscapes.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Any IoT device that is connected to the internet will almost always start with no, they cannot be taken over. But when (not if) an exploit is discovered then it will be possible. It's like Moore's law.
Yes, and it's protected by a password. Often the dog's name or the home phone number. Or someone abuses WPS to gain access.
I guess you opted out of the opportunity to get a clue.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
No, it's just that I have a realistic view of the actual state of security in networks, including those set up by people reading a flip book and people who don't even do that much.
You seem to be ignorant of the known issues with WPS including common user errors.