Mastodawn

Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline

https://sh.itjust.works/post/51015947

Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline - sh.itjust.works

An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.

Show thread

Blackmist

Had a kill command actually been sent, or does the device just not work without a remote server talking to it every so often?

Because the second one is probably worse from a “what if this company goes bust” standpoint.

Show thread

Nalivai Dec 5

Don’t worry, the quality of the modern hardware is so shitty, it will not outlive the company for long

Show thread

cøre Dec 5

Man itd be great if there was an answer to this. Maybe in an article somewhere. Guess we’ll never know.

Show thread

sem Dec 5

Not to fear! Here is the relevant part so the next person coming by doesn’t have to read the article:

deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.

(Image credit: Harishankar)

So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn’t communicate with the manufacturer’s servers. Since he blocked the appliance’s data collection capabilities, its maker decided to just kill it altogether. "Someone—or something—had remotely issued a kill command,” says Harishankar. “Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”

( ͡° ͜ʖ ͡°)

Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.