Texts on protection, 17.01.2023, 08:30 AM
When some alarming photos, taken by a robot vacuum cleaner, appeared on the Internet recently, including a photo in which the owner of the vacuum cleaner was caught in the toilet, many people found it funny, but the question arose as to how this is possible and whether such vacuum cleaners have cameras. , and if they have, why do they need them. Kaspersky experts tried to answer these dilemmas.
First, it should be clarified. Not every robot vacuum cleaner is equipped with a camera. The user manual usually lists all the device’s sensors and where they are located. Some models have only touch sensors, as well as laser and ultrasonic radars, but more and more often you can see a camera on the list. Top models have been using cameras for more than five years to better navigate the room. According to the engineers, the camera helps to bypass a sock on the floor, a laptop cable and other obstacles. Some vacuum cleaners also have a microphone for responding to voice commands.
Who is watching the camera footage? In most cases – no one. Normally, the video from the camera goes to the processor of the vacuum cleaner and nowhere else. But there can be exceptions to this rule. In particular, the scandal with photos of owners taken in the toilet occurred when the prototype of the Roomba J7 vacuum cleaner sent its video stream to the manufacturer, iRobot, to improve the algorithm.
To improve machine vision systems, engineers need not just camera video, but annotated video, with furniture parts identified and correctly labeled. Initial tagging of photos and videos is done by humans. Then the computer is trained on these examples, and experts check the quality of recognition and correct errors. So iRobot sent the video to Venezuela-based Scale AI, a specialized firm with employees who spend hours tagging objects in photos and videos. These recordings were leaked and found in a Facebook group. Those responsible were most likely disciplined, and iRobot terminated its contract with Scale AI, but the leaked photos did not disappear.
iRobot claims that all prototypes come with appropriate warnings and are only given to testers with their written consent to video recording. In other words, you cannot accidentally buy such a vacuum cleaner in a store.
The development of smart home electronics, especially autonomous robots, is not possible without massive data collection. Just by analyzing billions of samples, any machine learning system can learn something. This is one of the main reasons why there is almost always a clause in a product’s license agreement that asks for your consent to collect “diagnostic” data to improve products and services. You rarely see this data detailed, and what is needed to “improve products and services” is never explained.
Sometimes the contract specifically states that the data will not be sold or used for commercial purposes, but “product development” often means that it will be processed by subcontractors or partners. In most cases, therefore, it is impossible to know what data is collected and where it will end up.
Even assuming that the manufacturer of the robot vacuum cleaner is “clean” in the ethical sense, the fate of the collected data is not always ideal. They can be on company servers for years, where their protection is not a priority. So, in addition to subcontractors, access to data can suddenly be gained by complete outsiders – from security researchers to cybercriminals or hacktivists.
Another, more exotic threat is hacking the vacuum cleaner itself. Controlled by an attacker, the vacuum cleaner could be used for a variety of purposes, including, of course, various forms of espionage.
How to reduce risks? Choosing a manufacturer that is proven to take privacy and security into account is a good start. But as a recent survey by Kaspersky shows, about 34% of users stop there. Unfortunately, this is not enough.
It’s not hard to live with a robot vacuum cleaner so minimize data collection and the risk of leaks as much as possible. For example, you can set in the settings not to send a map of your home to the manufacturer’s server, not to clean when family members are in the apartment and, if necessary, to prohibit the vacuum cleaner from entering certain rooms, such as Bedroom. This last option is sometimes available in the settings, but it is even safer to use the virtual wall barriers sold by the device manufacturer.
Another realistic option is to choose a vacuum cleaner model that works completely offline. A number of iRobot models can do this, although they still require internet access to run scheduled runs and view cleaning statistics, as well as an app installed on your phone.
Promotional websites won’t tell you if a particular model works, so Kaspersky experts recommend reading user feedback and detailed product reviews or calling technical support. If it is not possible to set the vacuum cleaner to work offline, a combined option might work: do the initial setup with the mobile app and set the cleaning schedule, then disable internet access.
This can be done through the router settings: either by changing the password of the access point, or by adding the vacuum cleaner to the prohibited list. By the way, while you are in the router settings, make sure that the firmware is updated and the password is not the factory one. This will improve the security not only of the vacuum cleaner, but also of your entire smart home.
A more complicated method is to set up the vacuum cleaner without connecting to the manufacturer’s servers, directly from the local network. The device can even be integrated with a smart home automation system! Such projects exist, for example, for the popular iRobot and Xiaomi models, but they require certain technical skills.
If all this seems too complicated, it may be best, although not the most convenient, to stick to good old manual vacuuming.
Cover photo: Jens Mahnke, Pexels
