Your ‘Smart’ Vacuum May Be Broadcasting A 3D Map Of Your Home

TechDirt: “We’ve long established that modern “smart” devices aren’t always all that smart. Whether it’s “smart” door locks that are easily hacked to gain entry, “smart” refrigerators that leak your Gmail credentials, or “smart” vehicles that sell data to insurance companies without your permission, the act of modernizing something with internet access and a CPU isn’t always a step forward. The latest case in point: one owner of the $300 iLife A11 smart vacuum realized that the device wasn’t just cleaning his home, it was creating a map of his entire living space, and then openly broadcasting it to its parent company via the internet:

“I’m a bit paranoid — the good kind of paranoid,” he wrote. “So, I decided to monitor its network traffic, as I would with any so-called smart device.” Within minutes, he discovered a “steady stream” of data being sent to servers “halfway across the world.”

“My robot vacuum was constantly communicating with its manufacturer, transmitting logs and telemetry that I had never consented to share,” Narayanan wrote. “That’s when I made my first mistake: I decided to stop it.”

When he prevented the device from sending data back to the corporate mothership, the device refused to boot up. After several efforts to get it “repaired,” the device fell out of warranty and he was left with a $300 paperweight. At that point, he dug a bit more deeply into the device, and found it was using Google Cartographer to create 3D maps of his home that were being transmitted back to its parent company. Like most data collection of this type (in a country with no modern privacy laws or functioning privacy regulators), the vacuum maker wasn’t informing customers of this data collection and transmission. Digging through the vacuum’s code, he says he found specific instructions to stop the vacuum from working if the data collection ceased…”

Posted in: E-Records, Privacy