Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Robotics Bug Networking Privacy Hardware Idle

Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over? (jvn.jp) 42

Slashdot reader AmiMoJo reports: Sharp's COCOROBO (heart-bot) vacuum cleaners can not just clean your house. They have cameras that can be viewed from a smart phone, and automatically take pictures of things they find under your sofa. They have microphones and voice recognition, and are able to ask how your day was when you get home from work. You can even activate their speakers and talk to your pets from the office. Unfortunately, so can anyone else if you don't install critical firmware updates.
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
This discussion has been archived. No new comments can be posted.

Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over?

Comments Filter:
  • by DontBeAMoran ( 4843879 ) on Saturday November 25, 2017 @12:36PM (#55620567)

    How about checking under the sofa cushions? Maybe it would be able to earn a wage.

  • ... IMO is that because they need to be small enough to be able to easily get into various places, their canisters are usually too small to be able to complete an entire house before needing emptying, especially if one has pets, and virtually all of them require you to manually empty the canister.

    If Roomba made a self-emptying model, I'd be all over that like nobody's business.

    • by AmiMoJo ( 196126 )

      I've had a few different robot vacuums over the years. They don't replace vacuuming entirely, but they do reduce the workload a lot.

      If you run them regularly then the small bin size isn't a problem, as there isn't that much to pick up. They can't get in every corner but remove the majority of new dust and debris coming into the house. You can then touch up after it every now and then with a powerful hand held manual vacuum every now and then.

      • by mark-t ( 151149 )

        If you run them regularly then the small bin size isn't a problem

        We already vacuum every two or three days as it is to keep up with the fur and hair that our pets leave everywhere. While a robot vacuum could be programmed to run every day, I think it's unlikely a single robot vacuum could manage even one day without having an issue because of the small bin size. 2 or 3 robot vacuums would probably do the trick, but then that's 2 or 3 times the price as well... and even a single robot vacuum is going to

        • by AmiMoJo ( 196126 )

          Even the cheap 100 euro ones are actually not bad these days, especially if you restrict them to one or two rooms.

  • A vulnerability has been discovered that leaves the general public vulnerable to eavesdropping attacks! Owners of CDG devices are subject to attacks from random strangers who are in the same home. By simply placing one end of the device against a wall and placing the ear against the other side your private communications may be leaked! These CDGs, also referred to as "common drinking glasses", or sometimes just "glasses" are a serious security flaw. There is NO Firmware update planned. If you have CDGs in
    • by sjames ( 1099 )

      Now imagine that this CDG works from across the street through the WiFi.

      • Except it doesn't, because the WiFi is encrypted. I know, next you are going to say that people are breaking WPA2 left and right because it is super easy, and they will target one of these vacuums when they do because that is the most juicy target. Seriously, get a clue; learn about security landscapes.
        • by sjames ( 1099 )

          Yes, and it's protected by a password. Often the dog's name or the home phone number. Or someone abuses WPS to gain access.

          • I guess you opted out of the opportunity to get a clue.
            • by sjames ( 1099 )

              No, it's just that I have a realistic view of the actual state of security in networks, including those set up by people reading a flip book and people who don't even do that much.

              You seem to be ignorant of the known issues with WPS including common user errors.

  • by AndyKron ( 937105 ) on Saturday November 25, 2017 @01:02PM (#55620655)
    I don't want a vacuum cleaner connected to the Internet, nor do I want a vacuum cleaner asking me how my fucking day was.
    • by mark-t ( 151149 )
      To be honest, I can see some real validity and usefulness to having an internet-connected robot vacuum. But it should still have to be using your internet connection, using connectivity that YOU provide to it through your own home network, and not obtain its own internet connection independently of your network configuration. Then, at least theoretically, you could use a firewall around your lan to block unwanted actions, while still being able to access it yourself.
    • I felt the same way, but then I thought, How else is my dog going to learn a foreign language while I'm away?
  • Unfortunately, so can anyone else if you don't install critical firmware updates.

    ... do we really need vacuum cleaners that require soft/firmware and security updates?

    Seriously, it's not that hard to vacuum/sweep your floors.

  • by gurps_npc ( 621217 ) on Saturday November 25, 2017 @01:37PM (#55620803) Homepage

    They are vacuum cleaners. They do not need MICROPHONES. If you can't bother to control it via an App, then connect up Amazon's Alexis and let Alexis convert your voice into vacuum cleaner commands.

    Same thing for cameras. What moron thinks that letting your vaccuum cleaner take pictures in your home is a good idea>

    As for me, I don't trust Amazon with a mike in my home, let alone some random vacuum company maker.

    • Please, if you are watching it hoover up your dog's tail are you seriously telling me you don't want to hear your dog yelp too?

  • First world problems abound. What's it going to do, give you a nasty suck?

    In actual fact,what the fsck do you want a robotic Hoover for anyway? Like most of these autonomous things, they never work properly and, once the "Ah, lookit going across the floor traumatising the poor dog again" novelty wears off, you're left however much money you paid and several IQ points the poorer.

    Tish, pshaw and, indeed, codswallop. Also, your dog now hates you and anyone who looks like you. Aren't you proud?
  • The greatest danger I can see is a tech savvy burglar using the device to see if the house is occupied. One could do the same thing with a "smart" water meter. If someone can determine that no one is home, they can break in and take all the time they want. This may or may not be possible, but you can't really limit yourself when thinking about how technology can be misused.

  • My vacuum and I shouldn't have trust issues.
  • Any IoT device that is connected to the internet will almost always start with no, they cannot be taken over. But when (not if) an exploit is discovered then it will be possible. It's like Moore's law.

Any given program, when running, is obsolete.

Working...