A disturbing incident has occurred regarding the security of smart home appliances. A programmer named Harishankar discovered that his robot vacuum cleaner, which had been working without any problems for a year, was actually tracking him.
Out of curiosity, the engineer began to look at the device's network traffic and found that the vacuum cleaner was constantly sending data and activity logs to the manufacturer's servers. The user had not given any permission for this. After Harishankar blocked the data transfer, the device worked for several days, and then completely stopped.
After the service center fixed the problem, the vacuum cleaner started working again, but just a few days later it failed once more. The engineer disassembled the device and found that it was built on the AllWinner A33 processor and ran the Tina Linux operating system.
The most dangerous finding was that the Android Debug Bridge (ADB) interface was completely unprotected: no password was set. This allowed anyone to gain full administrator (root) rights on the device.
The vacuum cleaner also built a three-dimensional map of the house using the Google Cartographer system — a technology commonly used in professional robotic mapping systems.
The engineer determined that the manufacturer had full remote control over the device and was able to execute any commands remotely. Because there was no protection in place, any attacker could take advantage of this as well.
Experts warn that some modern robot vacuum cleaner models are equipped with cameras in addition to lidars. Such devices can pose a serious threat to privacy in the home.
