Man accidentally gains control of 7k robot vacuums (popsci.com)
RHSeeger 1 hours ago [-]
> In order for the Romo, or really any modern autonomous vacuum, to function it needs to constantly collect visual data from the building it is operating in.

I specifically bought one without a camera or mic.

tgsovlerkhgsel 54 minutes ago [-]
Are there any like that that would have automatic emptying?
valicord 37 minutes ago [-]
Roborock Q Revo
bdcravens 20 minutes ago [-]
The Q Revo series does have a camera and mic.
izacus 15 minutes ago [-]
They don't, the camera-equipped ones are the MaxV series.

Q Revo has an IR sensor which doesn't transmit that data anywhere.

sverhagen 57 minutes ago [-]
How do you know? For sure, I mean?
soopypoos 26 minutes ago [-]
I wrapped mine in foil to be safe and now it's fabulous
brookst 42 minutes ago [-]
I mean your coffee maker could be a one-off spy device with nation-state backing. But it seems unlikely.
skeeter2020 5 minutes ago [-]
If they can build an internet-connected coffee maker with mic and camera for 60 bucks that's freakin' amazing!
jlarocco 12 minutes ago [-]
If Google thought it was okay to hide a microphone, I'm sure less scrutinized companies try to get away with worse. https://www.bbc.com/news/technology-47303077
dylan604 26 minutes ago [-]
Phew, yet another reason it pays off to not be a coffee drinker.
Tempest1981 4 minutes ago [-]
:) I'm sticking with my Aeropress
amelius 40 minutes ago [-]
Does your smartphone have a mic?
dylan604 27 minutes ago [-]
You've brought up such a brilliantly useless point to this discussion. I'm really appreciative of your efforts
codeulike 15 minutes ago [-]
Smartphones at least have some semblance of security, whereas IoT devices are a free-for-all.
exegete 54 minutes ago [-]
“Accidentally” is not accurate. He used AI to inspect the source and found credentials that work in all devices. He also never gained control of anyone else’s devices. He never used the exploit.
55555 42 minutes ago [-]
I didn't read the article but based on the title and subheading I assume they say "accidentally" because he was trying to reverse engineer the communication protocol to use his own device and he did not expect to find something as dumb as master credentials that would work on others' devices.
wolrah 35 minutes ago [-]
"Accidentally" as in his intent was to gain control of his own device but instead discovered what would in a just world be considered criminal levels of either incompetence or indifference to the most basic levels of security in the entire product line.
MostlyStable 37 minutes ago [-]
Anyone who's somewhat technically inclined should, in my opinion, only be buying Valetudo [0] compatible vacuums and replacing the default software as soon as possible.

[0] https://valetudo.cloud/

ericpauley 13 minutes ago [-]
I found the “Why Not Valetudo” page on that site extremely persuasive. I would consider myself technically inclined. I also own a robot vacuum so I can spend more time doing important things that leverage my skills. Valetudo does not serve this mission.

Very impressive, but I disagree that this is the clear best choice for anywhere close to anyone.

charles_f 31 minutes ago [-]
jonplackett 1 hours ago [-]
Companies this inept really need to get fined.

Like how many layers of people had to have OKed having the same password for all of them? It’s incompetence on an impressive scale.

wolrah 29 minutes ago [-]
Agreed, this sort of thing should at minimum be considered gross negligence at this point, but because regular consumers who buy these products rarely see and almost never understand these news articles it doesn't really impact sales so the company doesn't care.

If this discovery was guaranteed to result in meaningful fines companies would get their act together pretty quickly. 7000 counts of negligent exposure of private data (camera/mic feeds) should in a just world be millions of dollars in fines at the least and arguably criminal charges for management.

jonplackett 11 minutes ago [-]
Exactly. If GDPR fines can be so high, then something like this that is pretty much intentionally leaking personal data should be in the same ballpark.
Betelbuddy 10 minutes ago [-]
His code sucks...
ghgr 1 hours ago [-]
> [...] the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio [...]

Sorry what? Why would a vacuum cleaner even need a microphone?

onli 1 hours ago [-]
Control by voice? Not that absurd.
Telemakhos 1 hours ago [-]
Audio and video surveillance via robot vacuum is a feature: you can control the vacuum, see and hear the world from its perspective, and spy on your cats. I wish I were kidding.

https://youtu.be/TltYXEDoong?t=412

metalman 1 hours ago [-]
Accidentally a god, a sucky kinda god, but a god nonetheless. "I command thee to make vanish the minor sins of this world my minions"
soopypoos 34 minutes ago [-]
Go forth, my pretties! Expunge the particulate filth from this wicked, ground-level world muahaha yes clean soon we will be clean