While internet-connected devices can be very useful around the house, and it is pretty cool to be able to monitor your dishwasher from half a world away, it’s important to be mindful of privacy and security issues. For instance, the Cecotec Conga 1490 robot vacuum [Rastersoft] bought came with an Android app, which upon installation asked for near-total access to the user’s phone. Not content with such an invasion of privacy, let alone the potential security implications, [Rastersoft] set to work trying to reverse engineer the robot’s communications (translated) to find out what exactly it was doing when online. He did this by configuring a Raspberry Pi as an access point, letting the vacuum connect to it, and logging all the data flowing through.
As it turned out, the robot phoned home to its manufacturer, reporting its serial number and some configuration settings. The server then passed control to the mobile app, but not without routing all subsequent commands through the remote server. Not only is this creepy, it also means that if the manufacturer were to shut down the server, the app would stop working entirely. [Rastersoft] therefore got the idea to write custom software to control the robot. He began by reconfiguring the Pi’s network setup to fool the vacuum into thinking it was connecting to its manufacturer’s server, and then wrote some Python code to emulate the server’s response. He was now in control of all data flowing back and forth.
After a lot of experimentation and data analysis, [Rastersoft] managed to decipher the commands sent by the app, enabling him to write a complete replacement app seen in the video after the break that includes control of all the vacuum’s standard actions, but also a new feature to manually control the vacuum’s movement. All code is available on GitHub for those who would like to hack their Congas too.
We think this is a great example of software hacking to future-proof devices that you own, while also mitigating many of the dangers to your security and privacy posed by the default software. The fact that the commands you send from your phone to your vacuum go all the way around the world, potentially being stored and read by others, is rather ridiculous in the first place. After all, we’ve already seen how robot vacuums could spy on you.
17 thoughts on “Hacking A Robot Vacuum To Write A Replacement App”
Highly welcome and mucccchhhh needed – all in for open vacuum!
We bought such a nonsense device (“iRobot”). Unbelievable, how insanely bad the path finding and “route planning” is. I assume the software was written by drunk teenage Chinese schoolgirls with their eyes blindfolded and single handed. Or there is no software at all but just random commands. Nothing against Chinese schoolgirls btw.
Yes, we live in times where all the “intelligent” household devices are so dumb that we have to hack them in order to make proper use of what their “developers” have their PR advertise.
The original Roomba algorithm was exactly your second guess: random movement (aside from some spirals and edge following). They published their studies on how this resulted in full room coverage anyway. This was the case for the first few generations, but I think some of the latest ones claim to have AI room mapping, ect…
The only Artificial Idiocy this BS device has is that it most of the times finds its charging station. It has NEVER been able to clean a single almost square, freely accessible room completely. Due to its chaotic directions, it always – no exceptions – leaves areas in the center of the room completely untouched.
If I had the time to write a new pathfinding algo for this rubbish, I’d do. However, I bought the device because, I don’t have time to swing the broom myself. But considering how bad this tech is – having the dogs rub their bellies on the ground is way more productive anyway.
Early roombas had a DIN socket and irobot published their control protocol so you could control the roomba with your own microcontroller. Not sure if your model has this.
The algorithm was written by an U.S. developer living in Boston. IRobot is an American company. https://en.wikipedia.org/wiki/IRobot
Doesn’t make it usable. I have seen a lot of rubbish being created by U.S. developers.
if the developers wrote the marketing it would say exactly what the device does. It’s the marketing department going “freestyle” and creative on the featureset
I welcome such hacks in our world of increasing snoop!
I don’t think we ever loaded an app for our Roomba. It just goes when we push the button.
I wonder how much stuff built these days will stop working when the manufacturer goes OOB or stops supporting it.
This is great hacking. Thanks for publishing.
The scary part is that this hacking is only possible due to the manufacturer’s sloppyness (or cluelessness). Had they done their homework, they’d have used some cryptographic securing of the protocol, so that hacking clearly constitutes circumvention of copyright protection and thus runs afoul of the law.
Don’t believe me? Look at the inkjet printer refill “protection” or at the shenanigans John Deere is playing with their replacement parts.
In my opinion such manufacturers belong before court. Together with the car manufacturers having done their exhaust cheating (“Dieselgate”).
Good that most manufactuars are to stupid to implement client server authentication with tls :D
Can someone just make an app for my phone that acts as an isolaton chamber for all other apps, other apps will be under the impression that they have acess to my text’s and photos and all sensors on the phone, but they would just get fake data, so that I could look up when the next bus arrives without sharing the content of my phone with a cloudserver in China?
Easy: have two phones :-D
Having old Roomba for this purpose but never get close enough to starting working on it.
There is another project which aims to free Chinese vacuums from their obsessive ‘phone-home’ behaviour: Valetudo.
It disconnects vacuums from Xiaomi, Dreame and others from the cloud and allows local control, also over MQTT etc.
This works with conga 3000 series?
Im saying this cause conga app never works
I know of two such apps (for Android):
* Island (there is also a derivate called Insular)
They use the work profile. All apps that are put in the work profile are isolated from the rest.
So, it’s not exactly what you want (each app isolated on it’s own island), but it usually does what you need.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)