At first I thought ”Well, duh!”, but the manufacturer having a remote kill switch when he network blocked his vacuum from sharing his home map data with them, as well as unprotected root access when connecting to the vacuum… urgh.

The engineer says he stopped the device from broadcasting data, though kept the other network traffic — like firmware updates — running like usual. The vacuum kept cleaning for a few days after, until early one morning when it refused to boot up.

After reverse engineering the vacuum, a painstaking process which included reprinting the devices’ circuit boards and testing its sensors, he found something horrifying: Android Debug Bridge, a program for installing and debugging apps on devices, was “wide open” to the world. “In seconds, I had full root access. No hacks, no exploits. Just plug and play,” Narayanan said.

Since I dont see it mentioned, the company is

iLife

iLife makes vacuums that map your house and can be remote controlled

Just so we are clear. You should all up your name and shame game.

iLife A11 smart vacuum

In addition, Narayanan says he uncovered a suspicious line of code broadcasted from the company to the vacuum, timestamped to the exact moment it stopped working. “Someone — or something — had remotely issued a kill command,” he wrote.

“I reversed the script change and rebooted the device,” he wrote. “It came back to life instantly. They hadn’t merely incorporated a remote control feature. They had used it to permanently disable my device.”

In short, he said, the company that made the device had “the power to remotely disable devices, and used it against me for blocking their data collection… Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”

They kill switched it remotely. Yikes.

Well, yes, that's what those cheap "smart" devices do. Or does anyone think cheap smart would fit into that device? Rule of thumb: if a device needs internet access, it is spying on you.

Yeah, I read about iRobot gathering and selling info about apartments like 10 years ago. People still alarmed by this are simply ignorant.

I know very well why I installed valetudo before I even started my new vac for the first time 😁

https://valetudo.cloud/

This article just screams rage-bait. Not that I am against making people aware of this kind of privacy invasion, but the authors did not bother to do any fact checking.

Firstly, they mention that the vacuum was "transmitting logs and telemetry that [the guy] had never consented to share". If you set up an app with the robot vacuum company, I'm pretty sure you'll get a rather long terms and services document that you just skip past, because who bothers reading that?

Secondly, the ADB part is rather weird. The person probably tried to install Valetudo on it? Otherwise, I have no clue what they tried to say with "reprinting the devices’ circuit boards". I doubt that this guy was able to reverse engineer an entire circuit board, but was surprised when seeing that ADB is enabled? This is what makes some devices rather straight forward to install custom firmware that block all the cloud shenanigans, so I'm not sure why they're painting this as a horrifying thing. Of course, you're broadcasting your map data to the manufacturer so that you can use their shitty app.

The part saying that it had full root access and a kill-switch is a bit worse, but still... It doesn't have to be like this. Shout-out to the people working on the Valetudo project. If you're interested in getting a privacy-friendly robot vacuum, have a look at their website. It requires some know-how, but once it's done, you know for sure you don't need to worry about a 3rd party spying on you.

At this point, if you buy a smart thing you have to know it's spyware.

“Someone — or something — had remotely issued a kill command,” he wrote.

“I reversed the script change and rebooted the device,” he wrote. “It came back to life instantly. They hadn’t merely incorporated a remote control feature. They had used it to permanently disable my device.”

In short, he said, the company that made the device had “the power to remotely disable devices, and used it against me for blocking their data collection… Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”

Am I too dumb to understand why sending cartographer data is wrong?

His model is iLife A11 that has Lidar. He probably has an app that is used to control robot and shows cleaning progression. Vac 100% Lidar'd his entire home and sent data to create map in the app.

How in the fuck he thinks it is getting that map? If his ass so smart to find a killswitch and reverse it, how come he doesn't grasp that map data is sent to a server though which he ca use vac app? Like in what world is it not obvious?

Not even gonna discuss about TOS he signed, or that it is general cheap brand cheap but super smart model for it's price.

Unless some FOSS firmware and software is installed, that thing most certainly will ping back home every chance it gets.

Sidenote: My TV now is offline cause when it kept calling home (ove 60% of my pi-holes querries of all time was TV), it would freeze due to pi-hole block. Once set offline - issue is gone. I also know my robo vac is pinging, but at the same time if I block it, I'll lose app controls which I wont do. Sadly, my vac doesn't support Valetudo.

On paper all of this stuff is a great idea that would make our appliances more functional.

In reality, the best case scenario is that it’s sold to our corporate overlords so they can slap an ad on your refrigerator and sell you more plastic waste.

Worst case, it’s sold to ICE or some other fascist regime.

https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/

Wait till you find out what your wifi can do.

That is why I have denied internet access for my robot vacuum cleaner. Xiaomi doesn't need to know the blueprint of my house, and if it can't connect to the internet, there's no need for firmware updates.

I'll start the thing by pressing the button at the top.

Talkie Toaster is here. "Howdy-doodly-do, how's it going?"

I used to be on a mailing list where American companies offered money to people in the third world for menial manual tasks. Like sending pictures of random crap from different angles and such. One time I got an email offering 4 of these things and $100 and all I had to do was put one of them in my home and use it for a week and give the other 3 away. Goes without saying they're clearly a privacy nightmare.

Sheeesh, his fucking mobile phone mapped and photographed his house long ago.

He’s going to have a heart attack to find out that the floor plan to most houses are available online and have been for a long time.

I don't care if they map my house, just give me raw access to the data. Them having access to the speaker and mic, i'm more concerned about.

I remember about news of some Israeli intelligence operatives who jogged around their HQ only to be outed by their tracks on Strava.

Shit I’m scared of my home speakers echo locating my furniture and the size of my domicile

I live in a prefabricated home that is a different color than my neighbor's. Can I gift them one of these robots to get a blueprint of their house? It is already easily googled but I feel that making a robot do it keeps them lower on the food chain.