Is your new robot vacuum cleaner spying on you?

No matter how helpful it is, technology can be absolutely terrifying. Case in point: it’s possible that your robot vacuum cleaner is spying on you. A group of researchers from the National University of Singapore and the University of Maryland have discovered that it’s possible to hack into a robot vacuum cleaner equipped with light detection and ranging sensors (lidar) and use the data the sensor receives to listen in on your sensitive conversations. 

Spying through soundwaves? 

In their research paper titled “Spying with Your Robot Vacuum Cleaner: Eavesdropping via Lidar Sensors,” the researchers set up a scenario where they used the lidar sensor in a robot vacuum cleaner to record the sound waves bouncing off other objects in the house and translated them into speech and sound—no microphone necessary.

“Sounds are essentially pressure waves that propagate through the vibrations of the medium. Hence, sound energy in the environment is partially induced on nearby objects creating subtle physical vibrations within those solid media,” the research paper read. 

Image courtesy of Mika Baumeister on Unsplash

After conducting their tests, the researchers achieved an accuracy rate of up to 90 percent. 

As a huge disclaimer, it’s necessary to mention that not all robot vacuum cleaners come with this type of technology. And it’s also important to note that this experiment was done in a controlled, laboratory environment, which gave the researchers the ability to control variables. 

Real world hacking is not as straightforward. Aside from hacking into the vacuum cleaner, a bunch of other variables like ambient noise, light and reflection are important factors in the process of turning sound waves into audible speech. 

Security expert Graham Cutley, who also wrote about vacuum cleaners as a conversation reconnaissance tool, said that those factors are considerable challenges in actually collecting sound samples from a robot vacuum. 

Lidar sensors aren’t the only things we should worry about, though. 

Cameras?

Instead of lidar sensors, some robot vacuum models come with cameras to help them clean better. According to an article on independent home security technology review site Safety.com, “Any device connected to your home’s internet has the ability to be hacked if connected to your home’s wifi.”

If your robot vacuum is controlled via an app connected to your wifi, hackers might be able to get actual footage of you, your home and your pets who chase after the vacuum when you’re not around. 

Image courtesy of Jan Antonin Kolar on Unsplash

This is exactly what happened when a cybersecurity firm hacked into the Trifio Ironpipe robot vacuum. Aside from doing the cleaning, this robot vacuum model was intended to double as a home security system, thanks to the handy dandy camera installed in its body. 

Checkmarx, the cybersecurity firm in question, was able to hack into the Trifio Ironpipe robot vacuum and see through the robot’s camera. According to CNET’s article on this security breach, other possible threats can include accessing old video streams stored in the company’s servers, sending fake software updates that are actually malware downloads, and getting access to the vacuum’s route which can give hackers a clear map of someone’s home or office. 

(Data) privacy please

As if people listening in to your conversations and literally seeing you in your shabby WFH getup weren’t enough, hackers or robot vacuum companies themselves could potentially sell your data. 

Image courtesy of Chris Yang on Unsplash

In 2017, The New York Times released an article about how Roombas have the ability to collect data from their robots and potentially share them with other companies. While Roomba’s (ironically named) parent company iRobot disputed this claim and vowed to never share their customers’ data without consent, the mere possibility is enough to think through the whole robot vacuum thing. 

The bigger picture

Big money can be made from this technology. In 2011, literally a decade ago, the Internet Advertising Bureau (an organization that develops industry-wide standards, conducts research, and provides legal support for the online advertising industry) said it supported $300 billion in economic activity

And that figure was from 10 years ago. Imagine just how big that industry is now? 

In a nutshell, the people who want to see you make your morning coffee and what you had for breakfast aren’t spies. They’re not even the government (for now). They’re brands that want to sell you a new console table after they saw that your current one is your dog’s favorite chew toy. 

At this point you might be thinking “Google and Facebook already have all my data, might as well get a robot spy to clean around the house.”

In that case, do as you please. But if you’d like to hold on to whatever shred of digital privacy you might have left, best to skip out on the robo-cuum and stick to ye olde broom and dustpan.

Read more...