ABC News hacks into popular robot vacuum, watches owner through camera
Security and Privacy Concerns
- Many are uneasy about mobile, networked cameras inside homes; several explicitly avoid camera-equipped vacuums or any “smart” devices.
- Ecovacs devices are highlighted as having a Bluetooth-based remote code execution vulnerability that allows unauthenticated payloads to run as root from up to ~100 meters; posters note Ecovacs was notified in Dec 2023 and is perceived as slow or unwilling to fix it.
- Prior privacy incidents with other brands (e.g., leaked intimate photos from mapping vacuums) are referenced as evidence this is an industry-wide issue, not limited to one vendor.
- Some see these products as “perfect surveillance devices” whose primary value to vendors is data collection and monetization.
Sensors: Cameras vs LiDAR and Navigation Trade-offs
- Several prefer LiDAR-only models to avoid cameras and for robustness (works in any lighting, no need for “poop detection”).
- Others note LiDAR struggles with low cables and some obstacles; camera-based models can avoid small items (pet waste, cords) more reliably.
- Debate:
  - One side sees cameras as more easily fooled (glare, illusions) and risky for safety-critical systems.
  - Another argues vision can be made reliable with better algorithms and processing; issues are implementation, not inherent to cameras.
- Some mention upward-facing cameras for easier room mapping using ceilings.
Open-source and Local Control Alternatives
- Valetudo is praised as a way to de-cloud several brands (Dreame, Xiaomi, Roborock), adding persistent maps and Home Assistant integration while keeping devices offline.
- Ecovacs is currently not supported by Valetudo; a separate “Bumper” project exists for some models.
- Rooting newer vacuums often requires custom breakout boards and soldering, which limits adoption.
Need for Internet / Cloud Connectivity
- Many argue vacuums don’t need internet; mapping, scheduling, and control could be done via local web interfaces, LAN, or Bluetooth.
- In practice, most vendors gate advanced features behind cloud accounts and permanent connectivity; users feel “held hostage” to surveillance for full functionality.
- Some note non-technical users find cloud-based apps simpler than LAN concepts, which reinforces this design.
User Experiences and Value Proposition
- Opinions split: some find robot vacuums life-changing (daily cleaning, less mental load), especially with auto-empty docks and pets; others found them fiddly, unreliable, and slower than manual vacuuming.
- Many report good results with non-camera, or even fully offline, LiDAR-based models; Roomba/iRobot is often described as lagging newer competitors in navigation and features.
Ideas for Better Security and Privacy
- Suggestions include:
  - A YubiKey/NFC-based, VPN-like zeroconf protocol for securely linking IoT devices.
  - Hardware/image-processing schemes that provide only low-res or obfuscated visual data for navigation (though others argue information-theoretic limits make true non-recoverable images impossible).
  - Stronger Bluetooth security instead of ad-hoc payload-level checks.
- One commenter argues incentives favor insecure, exploitable IoT devices, and existing standards bodies and regulators are structurally ill-suited to protect end users.
Media, Marketing, and Geopolitics
- ABC’s headline is criticized as clickbait and imprecise (“popular robot vacuum” vs naming Ecovacs); some note ABC’s broader shift to A/B-tested, attention-driven titles.
- There is disagreement over whether the coverage is neutral reporting on real security issues or “government propaganda” aimed at stoking fear of Chinese products.
- Discussion touches on market dynamics: iRobot is no longer clearly dominant; Ecovacs and others may now have larger shares, reinforcing that the issue spans multiple major vendors.