Manufacturer Bricks Smart Vacuum After Engineer Blocks It From Collecting Data (tomshardware.com)
A curious engineer discovered that his iLife A11 smart vacuum was remotely "killed" after he blocked it from sending data to the manufacturer's servers. By reverse-engineering it with custom hardware and Python scripts, he managed to revive the device to run fully offline. Tom's Hardware reports: An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That's when he noticed it was constantly sending logs and telemetry data to the manufacturer -- something he hadn't consented to. The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again. After several rounds of back-and-forth, the service center probably got tired and just stopped accepting it, saying it was out of warranty. Because of this, he decided to disassemble the thing to determine what killed it and to see if he could get it working again. [...] So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn't communicate with the manufacturer's servers. Since he blocked the appliance's data collection capabilities, its maker decided to just kill it altogether.
"Someone -- or something -- had remotely issued a kill command," says Harishankar. "Whether it was intentional punishment or automated enforcement of 'compliance,' the result was the same: a consumer device had turned on its owner." In the end, the owner was able to run his vacuum fully locally without manufacturer control after all the tweaks he made. This helped him retake control of his data and make use of his $300 software-bricked smart device on his own terms. As for the rest of us who don't have the technical knowledge and time to follow his accomplishments, his advice is to "Never use your primary WiFi network for IoT devices" and to "Treat them as strangers in your home."
Impressive! (Score:5, Funny)
When they did this on Monday [slashdot.org] I was annoyed. However, the fact that they managed to remotely brick it again when it wasn't even online is just impressive!
I'm not one for DRM bullshit but I have to give them credit where credit's due. ;)
Re:Impressive! (Score:5, Funny)
When they did this on Monday [slashdot.org] I was annoyed. However, the fact that they managed to remotely brick it again when it wasn't even online is just impressive!
I'm not one for DRM bullshit but I have to give them credit where credit's due. ;)
Meh, I won’t be impressed until I read about the third bricking this weekend.
Re: (Score:2)
I think it's fine, but when posting a new take, the Slashdot tradition is that you link to the old take so people don't have to go over that again. In that sense, Gravis Zero is doing Slashdot a great service.
I found a GitHub repo that Harishankar has contributed to but others here say that's not related. I wonder if
a) anyone can find some better info on what he's been doing?
b) anyone knows which of the various open source robot cleaner projects online are any good? Is buying a cheap one and taking it over
Re: (Score:2)
I am very proactive with segregating IoT stuff (even sub divided into 4 different VLANs), but often there is no choice and no way to know until after purchase. I bought a cold plunge (Michael Phelps Chilly GOAT) that didn't have "smart" as a sales feature, but it turns out the heat pump can only have the temperature changed by unscrewing six screws on the side panel, or using the godawful TUYA app. This version of TUYA is cloud only.
I had a plan when buying though-- I could hook up to the modbus port on the
Re: (Score:2)
It's just a duplicate from a couple of days ago.
Nothing new. Nothing novel. Just a dupe from a couple of days ago.
Re: (Score:2)
When they did this on Monday [slashdot.org] I was annoyed. However, the fact that they managed to remotely brick it again when it wasn't even online is just impressive!
It's the Christmas season. Everybody loves a two-for-one deal.
Re: (Score:2)
Okay, and you deserve the funny mod, but no one seems to have realized it must be a dead man switch. If the robovac fails to contact its masters within some time limit, then it is ordered (at a deep level) to kill itself.
(Couldn't find this obvious comment in the discussion branch, but I can't see or search All from here...)
Re: (Score:2)
but no one seems to have realized it must be a dead man switch. If the robovac fails to contact its masters within some time limit, then it is ordered (at a deep level) to kill itself.
(Couldn't find this obvious comment in the discussion branch, but I can't see or search All from here...)
The shutdown command was delivered remotely via a different channel when the guy blocked the telemetry IP only. So not a traditional deadman switch that the device itself decides to stop working.
And besides, the device can't work without Internet anyway, since apparently its room mapping capability is cloud based.
Re: (Score:2)
Thanks for clarifying. But I hope I didn't give the bastards any fresh ideas... Next thing you know they'll be including a suicide bomb inside it to go all the way beyond software-based bricking.
Whoops.
Duplicate Story (Score:1)
no text
Wow... (Score:2)
Wow...that really sucks...both the vacuum and what the manufacturer did with the remote kill command.
Definitely a new "law" in Asimov's Three Laws of Robotics.
JoshK.
Re: (Score:2)
Quite, indeed the first virtual sux. :) JoshK.
Re: (Score:2)
No, the problem is that the vacuum *doesn't* suck anymore.
Re: (Score:2)
Your point is well taken. Now it's more like a leaf blower, it blows, a sorta reverse vacuum. :)
JoshK.
Smart Vacuum... (Score:1)
Or deliberate editors... (Score:3)
They don't care for reasons they choose not to acknowledge.
Their revenue appears unconnected to Slashdot importance, or is sufficient without the effort to restore quality. I find this interesting.
That's why they choose not to respond to (not the same as "ignore") valid criticism. The enshittification of Slashdot is deliberate. It's easy money for minimal effort.
Slashdot owners could easily replace editors with AI and arguably should since the threshold for acceptable "quality" has been so low for so long no
Re: (Score:2)
Apparently, somebody remotely bricked the editors a long time ago.
Story (Score:3)
Pay attention Beau! DUPE. (Score:3)
"Bricks" (Score:3)
Smart vacuum? (Score:2)
Dupe Story (https://yro.slashdot.org/story/25/11/0 (Score:1)
Well, since this is a dupe story from just a couple of days ago:
https://yro.slashdot.org/story... [slashdot.org]
I may as well dupe the posts that declare this story is a dupe.
The dupe is dope, yo whaddup dawg?
Re: (Score:3)
In that case, I've got to tell you your duplicate post commenting about duplicate posts and duplicate replies is a duplicate.
It's duplicates all the way down.
Re: (Score:2)
Yo dawg, I heard you like dupes, so I duped your dupe, and put it in the dupe.
Re: (Score:2)
That's dupalicious!
So... (Score:2)
It's now just collecting dust, then?
Work less (Score:2)
The easier step is to never bring IoT devices into the home. But that means operating the appliance by hand: Now, labour-saving devices require too much labour. It's a sick, sad world when we need to buy spyware to create a little leisure time for ourselves.
AKA A Felony if You Do It (Score:2)
"he discovered that a remote kill command had been issued to his device."
We read recently where someone did this to their ex-employer and everyone in here was cheering that he had been arrested, found guilty, and sent to prison.
So I guess we know what is going to happen to the vacuum company.
I wonder when the cops will arrive at the manufacturer's place of business?
Should be any minute now.
Any minute.
Probably just a tiny bit longer.
Are they there yet?
No?
Not yet?
Are you sure?
Check again.
Still noth