Hacking A Robot Vacuum To Write A Replacement App


While internet-connected devices can be very useful around the house, and it is pretty cool to be able to monitor your dishwasher from half a world away, it’s important to be mindful of privacy and security issues. For instance, the Cecotec Conga 1490 robot vacuum [Rastersoft] bought came with an Android app, which upon installation asked for near-total access to the user’s phone. Not content with such an invasion of privacy, let alone the potential security implications, [Rastersoft] set to work trying to reverse engineer the robot’s communications (translated) to find out what exactly it was doing when online. He did this by configuring a Raspberry Pi as an access point, letting the vacuum connect to it, and logging all the data flowing through.

As it turned out, the robot phoned home to its manufacturer, reporting its serial number and some configuration settings. The server then passed control to the mobile app, but not without routing all subsequent commands through the remote server. Not only is this creepy, it also means that if the manufacturer were to shut down the server, the app would stop working entirely. [Rastersoft] therefore got the idea to write custom software to control the robot. He began by reconfiguring the Pi’s network setup to fool the vacuum into thinking it was connecting to its manufacturer’s server, and then wrote some Python code to emulate the server’s response. He was now in control of all data flowing back and forth.
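A minimal sketch of the stand-in server idea described above, as an added example (not [Rastersoft]'s code): it records what a device sends on one connection and pulls out readable strings, such as a serial number reported in the clear. The port, the reply bytes and the function names are assumptions, since the real protocol is not described on this page.

```python
import re
import socket
import time

# Placeholder reply (assumption): the real server's response is not given on
# this page and has to come from your own capture of the device's traffic.
CANNED_REPLY = b"OK\n"

def printable_strings(data, min_len=4):
    """Return ASCII runs (like `strings`) to spot identifiers sent in clear."""
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    return [r.decode("ascii") for r in runs]

def record_session(conn, log, reply=CANNED_REPLY, timeout=2.0):
    """Record everything one device connection sends; answer the first chunk."""
    conn.settimeout(timeout)
    replied = False
    try:
        while True:
            chunk = conn.recv(4096)
            if not chunk:              # device closed the connection
                break
            log.append({"time": time.time(), "dir": "device->server",
                        "hex": chunk.hex(), "strings": printable_strings(chunk)})
            if not replied:
                conn.sendall(reply)
                log.append({"time": time.time(), "dir": "server->device",
                            "hex": reply.hex(), "strings": printable_strings(reply)})
                replied = True
    except socket.timeout:
        pass                           # idle device: keep what was captured
    finally:
        conn.close()
    return log

def serve(host="0.0.0.0", port=8080):  # port is an assumption
    """Accept device connections on the Pi and print each recorded session."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            for entry in record_session(conn, []):
                print(peer[0], entry["dir"], entry["strings"] or entry["hex"])

if __name__ == "__main__":
    serve()
```

Replaying the recorded `hex` values from several sessions side by side is what makes fixed fields (identifiers, settings) stand out from the parts that change.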

After a lot of experimentation and data analysis, [Rastersoft] managed to decipher the commands sent by the app. This enabled him to write a complete replacement app, seen in the video after the break, that controls all of the vacuum’s standard actions and adds a new feature: manual control of the vacuum’s movement. All code is available on GitHub for those who would like to hack their Congas too.

We think this is a great example of software hacking to future-proof devices that you own, while also mitigating many of the dangers to your security and privacy posed by the default software. The fact that the commands you send from your phone to your vacuum go all the way around the world, potentially being stored and read by others, is rather ridiculous in the first place. After all, we’ve already seen how robot vacuums could spy on you.

 

18 thoughts on “Hacking A Robot Vacuum To Write A Replacement App”

  1. Highly welcome and mucccchhhh needed – all in for open vacuum!

    We bought such a nonsense device (“iRobot”). Unbelievable, how insanely bad the path finding and “route planning” is. I assume the software was written by drunk teenage Chinese schoolgirls with their eyes blindfolded and single handed. Or there is no software at all but just random commands. Nothing against Chinese schoolgirls btw.

    Yes, we live in times where all the “intelligent” household devices are so dumb that we have to hack them in order to make proper use of what their “developers” have their PR advertise.

    Shoot me.

    1. The original Roomba algorithm was exactly your second guess: random movement (aside from some spirals and edge following). They published their studies on how this resulted in full room coverage anyway. This was the case for the first few generations, but I think some of the latest ones claim to have AI room mapping, etc…

      1. The only Artificial Idiocy this BS device has is that it most of the times finds its charging station. It has NEVER been able to clean a single almost square, freely accessible room completely. Due to its chaotic directions, it always – no exceptions – leaves areas in the center of the room completely untouched.

        If I had the time to write a new pathfinding algo for this rubbish, I’d do. However, I bought the device because I don’t have time to swing the broom myself. But considering how bad this tech is – having the dogs rub their bellies on the ground is way more productive anyway.

  2. This is great hacking. Thanks for publishing.

    The scary part is that this hacking is only possible due to the manufacturer’s sloppiness (or cluelessness). Had they done their homework, they’d have used some cryptographic securing of the protocol, so that hacking clearly constitutes circumvention of copyright protection and thus runs afoul of the law.

    Don’t believe me? Look at the inkjet printer refill “protection” or at the shenanigans John Deere is playing with their replacement parts.

    In my opinion such manufacturers belong before court. Together with the car manufacturers having done their exhaust cheating (“Dieselgate”).

  3. Can someone just make an app for my phone that acts as an isolation chamber for all other apps, other apps will be under the impression that they have access to my texts and photos and all sensors on the phone, but they would just get fake data, so that I could look up when the next bus arrives without sharing the content of my phone with a cloudserver in China?

  4. I know of two such apps (for Android):

    * Shelter
    * Island (there is also a derivate called Insular)

    They use the work profile. All apps that are put in the work profile are isolated from the rest.
    So, it’s not exactly what you want (each app isolated on its own island), but it usually does what you need.
