A software engineer, Narayanan, discovered that his iLife A11 vacuum cleaner was constantly sending data to China, and that it mysteriously died after he blocked the telemetry IP addresses. The vacuum worked fine for a few days, and Narayanan eventually found an open backdoor in the device’s Android Debug Bridge, allowing remote access and control. The failure was not a coincidence; the vendor had intentionally disabled the device remotely as retaliation.
Narayanan disassembled the robot and discovered that it was running Linux, with powerful robotics software like Google Cartographer. The device also contained the “rtty” software package, which enabled complete remote control and access to sensitive data like WiFi credentials. This could be misused to track a home’s layout and occupancy patterns.
Experts warn that potentially millions of households could unknowingly harbor spy devices in their homes, with cameras, microphones, sensors, and network access. The use of backdoors in consumer smart devices raises concerns about trust and security.
Cybersecurity researcher Aras Nazarov notes that similar kill switch functionality can be accomplished in a simpler way by hardcoding conditions, but manufacturers often forget to remove these features during production builds. The discovery highlights the importance of separating smart devices from the main home network using VLANs or DMZ zones to prevent unauthorized access.
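As an added example (not from the original article or from Narayanan's own write-up), here is a minimal nftables forward policy for a Linux home router that keeps smart devices on their own VLAN. The interface names wan0, lan0 and lan0.30 and the VLAN ID 30 are assumptions, and NAT and the router's own input rules are assumed to be configured elsewhere.

```nftables
# Assumed interfaces (constructed for this example):
#   wan0     uplink to the ISP
#   lan0     trusted home network (laptops, phones, NAS)
#   lan0.30  VLAN 30, carrying only smart devices such as the vacuum
table inet iot_isolation {
    chain forward {
        # Default-deny: only the flows listed below are routed.
        type filter hook forward priority filter; policy drop;

        # Allow replies for connections that were permitted to start.
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may reach the internet and may open connections
        # to devices on the IoT VLAN (for example, a local control app).
        iifname "lan0" oifname { "wan0", "lan0.30" } accept

        # IoT devices may reach the internet, but may never open a
        # connection toward the trusted LAN.
        iifname "lan0.30" oifname "wan0" accept

        # Everything else coming from the IoT VLAN is counted and
        # logged, then dropped by the chain policy.
        iifname "lan0.30" counter log prefix "iot-blocked: "
    }
}
```

With this policy, a device that is remotely controlled through a vendor channel still has internet access, but it cannot initiate traffic to machines on the trusted network, and any attempt shows up in the kernel log under the "iot-blocked: " prefix.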
Source: https://cybernews.com/security/engineer-finds-backdoor-implanted-in-robot-vacuum