Comment The 1st clue should have been: why is this online? (Score 2) 77
The man bought a vacuum cleaner that required an internet connection, and that didn't make him suspicious?
Not so clever I reckon...
Manufacturer Remotely Bricks Smart Vacuum After Its Owner Blocked It From Collecting Data (tomshardware.com) 77
"An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device," writes Tom's Hardware.
"That's when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn't consented to." The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after... He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again... [H]e decided to disassemble the thing to determine what killed it and to see if he could get it working again...
[He discovered] a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware. From this, he looked at its software and operating system, and that's where he discovered the dark truth: his smart vacuum was a security nightmare and a black hole for his personal data.
First of all, it's Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption. The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it. He then discovered that it used Google Cartographer to build a live 3D map of his home. This isn't unusual, by far. After all, it's a smart vacuum, and it needs that data to navigate around his home. However, the concerning thing is that it was sending off all this data to the manufacturer's server. It makes sense for the device to send this data to the manufacturer, as its onboard SoC is nowhere near powerful enough to process all that data. However, it seems that iLife did not clear this with its customers.
Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.
Thanks to long-time Slashdot reader registrations_suck for sharing the article.
"That's when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn't consented to." The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after... He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again... [H]e decided to disassemble the thing to determine what killed it and to see if he could get it working again...
[He discovered] a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware. From this, he looked at its software and operating system, and that's where he discovered the dark truth: his smart vacuum was a security nightmare and a black hole for his personal data.
First of all, it's Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption. The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it. He then discovered that it used Google Cartographer to build a live 3D map of his home. This isn't unusual, by far. After all, it's a smart vacuum, and it needs that data to navigate around his home. However, the concerning thing is that it was sending off all this data to the manufacturer's server. It makes sense for the device to send this data to the manufacturer, as its onboard SoC is nowhere near powerful enough to process all that data. However, it seems that iLife did not clear this with its customers.
Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.
Thanks to long-time Slashdot reader registrations_suck for sharing the article.
Comment Re:btw (by the way) (Score 1) 144
IKR?! (I know right?) TBH (to be honest), I just wanted to leave a comment here for the LOL (laughing out loud) factor. I can do this all day but I don't have all day, have to leave ASAP (as soon as possible). TTYL (talk to you later).
Comment I don't know what's more dystopian (Score 4, Insightful) 144
The pigs using ubiquitous street camera surveillance to accuse the woman, or the woman using ubiquitous in-vehicle camera surveillance to prove her innocence.
No part of this story makes me warm or fuzzy.
Comment Re:I wonder if that's why it's been sucking less.. (Score 3, Funny) 50
Those cables look like something that infected the spaceship in act one, and that were finally killed in act three.
Comment stupid post (Score 1) 136
The summary says "standard time year-round, which means more light in the morning and less light in the evening".
I don't think that's right. They should be about the same, more or less, depending on the wobble.
Lots of bad math in the summary.
I don't think that's right. They should be about the same, more or less, depending on the wobble.
Lots of bad math in the summary.
Comment Captchas just got a whole lot faster (Score 2) 50
and the ubiquitous surveillance of large swathes of the internet as well. Woohoo!
Comment Shame! (Score 1) 163
Such shame I feel for my people. Such shame!
Comment Re:Before anyone asks: (Score 1) 55
McNally does work with the Lock Picking Lawyer.
The key is the last word is his nom de guerre. It's not an idle word....
Comment Oh great, a fresh set of bugs & vulns to iron (Score 4, Insightful) 83
Note to self: stick to Debian and don't touch Ubuntu or Mint for a few versions until the kinks have been worked out.
Comment Re:Oh good (Score -1) 163
Hussein Obama himself blocked Chinese solar panel imports with prohibitive tariffs, "to protect AmeriKKKan jobs."
The planet is boiling, a huge hurricane just wrecked the Caribbean, gain, a wildfire burnt down LA, and "dey took our jerbs" is the watchword, even though the US never had any solar manufacturing capacity anyway. The bucktoothed hillbillies aren't going to work anyway. Most of them are on SNAP and have been since LBJ.
By the way, the whole "free Tibet" thing is bullshit. Tibet was never free. Tibet under the lamas was a literal medieval society complete with mandatory state religion and serfs, literal slaves. China's CPC marched in the Red Army, liberated the people, introduced athiesm, and most enraging of all taught women to read.
The lamas believed so much in their people they ran away to India where they still are today.
Ever wanted an atheist government of scientists? The CPC is for you. Xi Jinping is a chemical engineer. Stupids like Trump are locked out of government. Not a single war since 1972. Their cheap solar is powering the world that's smart enough to trade with them.
Good guy CPC.
Comment Re: Google has a vested interest (Score 2) 48
Installing Windows of any kind is a security risk that can lead to death, on this much I agree with the AI. I still believe anyo e should be allowed to do it though.
I am 100% pro Israel, against Islam, against Hamas, there is no such thing as Palestine. People should be able to fuck whoever, if it is consenting adults.
Government power is evil in itself. Taxes are theft, laissez faire capitalism is the best economic system for long term benefits.
Climate change is real. Immigration is fine as long as there are no welfare systems based on taxes. ruzzians should be contained by a mote with alligators and lasers.
Feminism, welfare systems, urbanization is causing the declining birth rates, this cannot be easily reversed, we will suffer because of this more than from the changing climate as a species.
People must be able to own any weapon systema they can afford. Governments must be decentralized, presidents shouldn't have more power than city mayors. Democracy fails hard because of power monopolization. Power must be decentralized. Property taxes, death taxes, income taxes, capital gains, dividends must never be taxed.
Schools, health care, infrastructure, everything must be private, paid for by selling bonds. Governments must charge fees for use, not rely on taxes. Fees must be directly paying for services rendered, never used for things other than the services rendered.
Money is what the market decides, most of the time markets decide that gold is money. Governments must never be allowed to print money, they may coun it for a fee.
Trade must always be free of all and any government involvement.
etc.etc. I know how this will be moded, but that is the point of this thread.
Comment bare bones (Score 1) 20
Why not just go real bare bones and implement the only interface that is needed - Aliens style motion tracker. A couple of dots and a sound that beeps faster and faster when the target is closer?
Comment Want to save power? (Score 2) 20
Shut down all sensors that have nothing to do with navigation, that Google uses to put people under surveillance, stop the data collection and stop sending data to the mothership all the damn time. I guarantee you power usage will go down significantly.
How do I know that? because my Fairphone 4 running CalyxOS gets a few more hours of battery life than the same Fairphone 4 running vanilla Android, and my Fairphone 5 running Ubuntu Touch also does better battery-wise than the same phone running Google's surveillance platform.
Comment Professional unethical for-profit hackers hacked (Score 2) 56
Poetic justice.
Slashdot Top Deals
"You can't get very far in this world without your dossier being there first." -- Arthur Miller
