DEF CON 31 - Vacuum Robot Security & Privacy Prevent yr Robot from Sucking Your Data - Dennis Giese
ฝัง
- เผยแพร่เมื่อ 5 ก.ค. 2024
- Exactly 5 years ago we were presenting ways to hack and root vacuum robots. Since then, many things have changed. Back then we were looking into ways to use the robots' "dumb" sensors to spy on the user (e.g. by using the ultrasonic sensor). But all our predictions were exceeded by the reality: today's robots bring multiple cameras and microphones with them. AI is used to detect objects and rooms. But can it be trusted? Where will pictures of your cat end up?
In this talk we will look at the security and privacy of current devices. We will show that their flaws pose a huge privacy risk and that certification of devices cannot be trusted. Not to worry, though - we will also show you how to protect yourself (and your data) from your robot friends.
You will learn on how you can get root access to current flagship models of 4 different vendors. Come with us on a journey of having fun hacking interesting devices while preventing them from breaching your privacy. We will also discuss the risks of used devices, for both old and new users.
Finally, we will talk about the challenges of documenting vacuum robots and developing custom software for them. While our Primary goal is to disconnect the robots from the cloud, it is also for users to repair their devices - pwning to own in a wholesome way. - วิทยาศาสตร์และเทคโนโลยี
My mother started buying old model iRobot Roombas off eBay years ago. She has a fleet of about 6 of them...
The beauty of these old models is they literally do have just optical sensors, switch based sensors and a very low power microcontroller with no internet access at all.
Some of them are now well over 10 years old, and still work great (new battery packs every few years of course).
If I can't have full control of a network connected -camera- optical sensor, then that -camera- optical sensor can't be on my network. Sheesh these products definitely shouldn't exist. Great talk!
The formatting on TH-cam mobile cut off “data” at the end of the title, turning it into “Prevent yr Robot Vacuum From Sucking Your…”, leading me to speculate that this video was gonna go in a wildly different direction.
They'd have much higher sales if the robot went in that other direction, but just think of the privacy concerns with that one - now the info they have to sell to 3rd parties is the size of your d___ and how often you like to have it sucked!
@@gorak9000 that Ted Kaczynski fella had a pretty famous quote that would seem to stem from situations like you just mentioned.
I only want 2 things, STOP phoning home and easy/full integration into Home Assistant. Sell me that product and I wouldn't need to hack anything.
iRobot's products pretty much allow for this. The Home Assistant Integration works well and it works without the cloud, so as long as you can disable internet access for the robot on your router you're in business.
Thats what I try to tell the vendors for the past 5 years. I met with them in 2018 and told them that they can make a lot of people happy by allowing local-only control. And that I would not need to hack their stuff anymore. Roborock promised me to think about it... but it went nowhere.
Moral of the story: Hackers will always get into physical devices
And: don't use any of such, if you are hot.
And: Some vacuum cleaners suck.
I'll see myself out...
Edit: Correction
ALL vacuum cleaners suck. Especially if they don't
Moral of the story everything is a physical device at some point, so hackers get into everything...
Tfw you realise that you are a physical device 😳
That's totally irrelevant, unless it has wireless capability to transmit information.
I have benefited greatly from your work and am a huuuuuuge fan of Valetudo! Please keep up the good work.
I try :)
"companies can say alot of things if the day is long" hahahaha now I'm 100% hes german.
And my friends tell me I'm crazy for having IoT devices on their own VLAN :D
Great talk. The way he talked really kept my watching. Cool stuff there.
Damn you guys are persistent 😀I rally enjoyed watching this. Good stuff guys. Thanks to your hard work these companies have to make their stuff secure.
Glad to hear. We also got Ecovacs at the 37C3 in Hamburg (see th-cam.com/video/56N1dYfdVf4/w-d-xo.html ). So now we got 60% of all of the vacuum robot market :)
@@dennisgiese5591 Splendid. I have 3 iRobots (1x S9+ and 2x J9+) and I was happy to find they were pretty secure although I'm sure if you get your hands on them they'd reveal all their secrets in a few minutes 😀
Thanks for single handedly doubling the cost of a robot vacuum
Great talk!
Oh, that‘s the answer to many questions of mine concerning embedded devices.
This may well work on NAS and also some routers 🧐
great talk. thanks for all your research, tho I know you must also love doing it!
Why do these things need the cloud at all?
To add vulnerabilities to your home?
@@asumazilla seems like it. Pick up the dirt and don't damage my furniture. I don't want to worry about pictures in the cloud.
probably to be accessible by devices outside of the home network without port forwarding
but also so the corpos can sell the users' data
@jm56585 it's a vacuum. Why can't it be self contained?
@@geniferteal4178 Because in this day and age, nothing is self contained. Everything phones home, and will instantly break if the company (and the backend) disappears, or if they think you're being naughty. How are they going to sell your data without uploading it into their cloud first?
I am Jack's complete lack of surprise
admirable work !
I hope you get some honor and reward for it !
There is always the problem between reporting bugs to the vendor (and getting a bounty) or disclosing it to the community (getting fame, but no bounty). So far, I have chosen the second path. Telling the vendor in advance would kill the custom firmware and root-ability of the device. The only way to support the community is to release it all at one event.
Man, I wish he were devoting even 1% of this awesome energy into hacking Litter Robots. They're locked down now and don't work with Homekit anymore.
What are Litter Robots?
@@dennisgiese5591 a self-scooping cat litter box. Some have network connectivity.
@@dennisgiese5591 they autoscoop cat litter
@@dennisgiese5591 Looks like its a $1000(AUD) automatic cat litter box.
A 'white hat' take on this would be using a vacuum robot instead of a radio-controlled drone or car and run around the house with it having fun while doing something genuinely useful at the same time. A stereoscopic vacuum robot and VR glasses would also provide an interesting view of the world.
If there are pets, and they are used to such as device, then with the vacuum motor off one of these could be used to quietly check up on a pet or even a child without arousing suspicion from the owner or parent. There a positive and helpful uses of such a modified device.
Using a modified robot vacuum as a security robot (possibly as well as a vacuum) could also be very helpful, It could be programmed to quietly conduct surveillance of a room or even and entire floor. This could be tied in to an advanced security system with the 'robot vacuum' sent to 'investigate' a detection by the main security system.
17:32 -> allwinner R16
Cobra Bora by 808 state at the end?
Great presentation!
Do you know which CVE Id would be associated with the vulnerability you found in the UBoot?
Thanks!
There is none, as I do not apply for them (tbh, I do not even know how, lol). Keep also in mind, that there are slightly different issues in different implementations that I abuse here.
Is a relatively recent model even rootable (e.g. to put Valetudo) by a mortal anymore? Most tutorials have comments suggesting the rooting method's been patched..
I have all my smart things connected to a separate LAN that is not able to access the other LANs i have, so even if they try sketchy stuff in the network, it can not affect my important stuff.
VLANs for the win ;-)
@@sygad1Oh yes, so handy! Also have one for visitors, and on that network, no unit can access another unit so they are safe from eachother. Also have one i can activate when i play around - a play around network so to say. All four available as wireless, but, smart home is not visible and the playaround normally closed.
@@Xanthopteryxfor extra caution, I have all my cameras and a very locked down VLAN with absolutely NO internet access. I use a VPN tunnel to access my cameras.
@@Xanthopteryxwhat router do you use to do that? just curious.
@@stefan0roNetgate 1100 and UniFi managed switch and their UFO. Really nice stuff but not totally intuitive for beginners. I also switch our digital TV (VLAN) straight in so no need for the operators special equipment.
What are they worried about, privacy problems and the resulting bad press? It seems to me a hackable device would increase sales, if anything (at least enough to counter higher return rates anyway).
the average person isn't a hacker/modder, they just want something that works and that they can access from their phone
I think Chinese companies try to protect their devices against other Chinese companies. Also, the code quality is not great, so it might give them bad press if they get caught.
These guys need an audio vendor that can mix without ringing, sheesh
Apple always do that why not the Roomba?
Was hoping to see something about shark brands
Im alright the sensor board in mine broke/disconnected, after about 2weeks. Its been running blind, still manages to map the house ok
Depending on which Shark you have, they are technically vulnerable to the same stuff. The problem is that they are mostly only available in the US, so not that interesting for the European folks (which are my biggest audience).
I have dreame x20, and it is locking outside a chine so no cool functional like camera for me(((I hope some genius can do a custom firmware with working camera for HA.
X20 is likely a L20 (global). I do not have that device yet. I cannot bring myself over spending 1.5k$ on that device (especially if there are other devices in that price range that need "rooting").
Can x20 still work without camera option?
Can I make my vacuum suck anything? Asking for a friend.... 😂😂
Might end up with a roller jam
Dont end up in a situation like the people that used the Vorwerk Kobolt a few decades ago.
Are there any good robot vacuums that don't got any of that anti-consumer bullshit and just let the owner do whatever they want with it?
no :(
just don't connect them to internet. Ok, you would not be able to start it remotely, but I never needed this anyways.
ahhh, be careful with that. A lot of devices are staying in provisioning mode if you do not connect them to the internet. Anyone in range then can provision it "for you"... and access the device then...
Ahm ahm ahm? Ahm ahm, ahm ahm! 😂
PLEASE 🙏 PLEASE 🙏 PLEASE 🙏 STOP THE umm(s), um ok!
Just visit a course how you avoid äh, ähm, ähm ähm. Sorry but I can’t watch this video because it feels like every third word is ähm.
I legitimately only bought the robot vacuum I have now because someone already made it work with Home Assistant. It is rather stupid and bonks around humorously. I put googly eyes on it. I call it Sucky McSuckface.