We would have enjoyed [Harishankar’s] tear down of a robot vacuum cleaner, even if it didn’t have a savage twist at the end. Turns out, the company deliberately bricked his smart vacuum.
Like many of us, [Harishankar] is suspicious of devices beaming data back to their makers. He noted a new vacuum cleaner was pinging a few IP address, including one that was spitting out logging or telemetry data frequently. Of course, he had the ability to block the IP address which he did. End of story, right?
No. After a few days of working perfectly, the robot wouldn’t turn on. He returned it under warranty, but the company declared it worked fine. They returned it and, indeed, it was working. A few days later, it quit again. This started a cycle of returning the device where it would work, it would come home and work for a few days, then quit again.
You can probably guess where this is going, but to be fair, we gave you a big hint. The fact that it would work for days after blocking the IP address wouldn’t seem like a smoking gun in real time.
The turning point was when the company refused to have any further service on the unit. So it was time to pull out the screwdriver. Inside was a dual-CPU AllWinner SoC running Linux and a microcontroller to run the hardware. Of course, there were myriad sensors and motors, too. The same internals are used by several different brands of vacuum cleaners, so these internals aren’t just one brand.
Essentially, he wrote his own software to read all the sensors and drive all the motors using his own computers, bypassing the onboard CPU. But he found one thing interesting. The Android Debug Bridge was wide open on the Linux computer. Sort of.
The problem was, you could only get in a few seconds after booting up. After that, it would disconnect. A little more poking fixed that. The software stack was impressive, using Google Cartographer to map the house, for example.
But what wasn’t impressive was the reason for the repeated failures. A deliberate command was sent to kill the robot when it quit phoning home with telemetry. Of course, at the service center, it was able to report and so it worked fine.
The hardware and the software are impressive. The enforcement of unnecessary data collection is not. It does, however, make us want to buy one of these just for the development platform. [Harishankar] has already done the work to make it useful.
It isn’t just vacuums. Android phones spew a notorious amount of data. Even your smart matress — yes, there are smart matresses — can get into the act.
-1 for the “AI”-generated header image. Now I don’t care to even read the blog post.
You mean the “photo” of the board? Or do you mean because the post was written by AL Williams? Oo
No, you mean the actual original post. Never mind then, though I’m still shaking my head
The first link to the blog. Not the second link to the github page.
In the linked article, he IDs the thing to be an iLife A11. Listed as “Currently unavailable” with very bad reviews on Amazon. A12 ($169.99) and A30 ($189.99) are still available and I have little doubt that they have the same “feature.”
In other privacy news, Flock Safety, the AI aided license plate tracker system (which they also brag about being able to track cars without a needing a plate simply by other characteristics unique to a particular car) are teaming up with the Ring home security camera service.
Go to Musk’s grok and request the following without the quotes: “Palantir + Flock Safety + Ring + Starlink + AI. Connect the dystopian dots in detail.”
And this is why I’m on a wired network. I have a so-called “smart” tv, and I didn’t set up the wifi on it.
I just watch my local news and weather. I don’t need wifi for that.
You don’t even need a tv for news and weather. Face the fact, your an ad junkie.
DuckDuckGo publish an app for Android that hooks into Android’s VPN system to block a lot of telemetry to known tracking companies. It allows you to see counts of what apps have been blocked and to which receivers.
There are smart matresses? OMG! I’m just imagining how this probably gets used. Customer ‘had a good night’ last night. Customer is probably amenable to buying from this list of goods which studies show happy people buy. Customer hasn’t ‘had a good night’ in months. Customer might be amenable to buy from this other list.
This is hell right? When did I die?
Kill Switch to brick all sold units. Just shut down the server.
I’m struck by the amount of compute power here and yet the support people somehow weren’t able to detect that the robot stopped working because it couldn’t phone home. I’d be surprised if that data wasn’t available in non-volatile storage on the device.
Oh I expect most of them could, but they don’t care just follow the script. And no doubt step 1 of the script is connect it to the testing network and hit run… Which in this case would just magically have it work, no problem here return it.