Rise of the robot vacuum cleaners

How to make sure a robot doesn’t spy on you, and can it function without internet access?

Some alarming photos have been circulating online recently, taken by, yes, a robot vacuum cleaner. The owner of a too-smart device is captured right on the toilet. Now that the laughter has died down, let’s examine how this was possible and what lessons can be learned.

Some of the leaked images captured by iRobot development devices

Some of the leaked images captured by iRobot development devices

Do vacuum cleaners have cameras? And if so, what for?

Not every robot vacuum cleaner is fitted with a camera. The user manual will usually list all of its sensors and their location. Some models are limited to touch sensors, as well as laser and ultrasonic radars, but it’s becoming increasingly common to see a camera listed as well. Top-of-the-range models have been using cameras for more than five years to better navigate the room. According to engineers, it helps swerve around socks on the floor, laptop wires, and other obstacles. Some vacuum cleaners also have a microphone to respond to voice commands.

Who views the camera footage?

Most of the time, no one. Normally, the video stream from the camera goes to the vacuum cleaner CPU and no further. But there may be exceptions to this rule. In particular, the toilet-photo scandal occurred when a prototype of the Roomba J7 vacuum cleaner sent its video stream to the manufacturer, iRobot, to improve the algorithm.

To enhance machine-vision systems, engineers need not just video from the camera, but annotated video, with all furniture items identified and labeled correctly. The initial markup of photo and video content is done by humans. Then, a computer is trained on these examples, and specialists check the quality of recognition and correct errors. So, iRobot outsourced the video to Scale AI, a specialized contractor with a whole staff of low-paid employees who spend hours marking objects on photos and videos. It was these sub-subcontractors from Venezuela who leaked the, in their opinion, highly amusing photos to a Facebook group. Most likely they were disciplined, and iRobot terminated its contract with Scale AI, but the leaked photos did not go away.

Images captured by iRobot development devices, being annotated by data labelers

Images captured by iRobot development devices, being annotated by data labelers

iRobot claims that all prototypes come with appropriate warnings and are handed over to testers only with their written consent to record video; that is, you can’t accidentally purchase such a vacuum cleaner in a store. Case closed?

Bulk data collection

The development of smart home electronics, especially autonomous robots, is not possible without mass collection of data. Only by analyzing billions, even trillions, of samples can any machine-learning system actually learn something. This is one of the main reasons there is almost always a clause in the lengthy product license agreement asking for your consent to collect “diagnostic” data to improve products and services. At the same time, you rarely see this data specified in detail, and what is required to “improve products and services” is never explained. (Incidentally, Kaspersky end user license agreements always give an exhaustive list of information collected.)

Sometimes the agreement explicitly states that data will not be sold or used for commercial purposes, but “product improvement” often means that it will get processed by subcontractors or partners. In most cases, then, it’s impossible to know what data is being collected and where it will end up.

That said, the non-profit organization Mozilla Foundation is making a good attempt to remedy this situation with its Privacy Not Included guide. It highlights apps and gadgets that are particularly cynical about violating customers’ privacy rights. The list is far from complete, but does cover a few of the “good” and “bad” robot vacuum cleaners out there.

Improper use

Even assuming the manufacturer of the robot vacuum cleaner is ethically pure, the fate of harvested data is not always ideal. It can lie for ages on the company’s servers, where its protection is not a priority. So, in addition to subcontractors, complete outsiders may suddenly gain access to it — from security researchers to cybercriminals or hacktivists.

Another, albeit more exotic, threat is the hacking of the vacuum cleaner itself. Controlled by an attacker, it could be used for non-standard purposes (even playing music from Spotify), including, of course, various forms of spying.

How to minimize the risks

Choosing vendors with a proven privacy and security track record is a good start. But, as a recent Kaspersky survey shows, around 34% of users stop at that. This is not enough, unfortunately.

It’s not hard to arrange your life with a vacuum cleaner so as to minimize data collection and the risk of leakage. For example, you can specify in the settings not to send a map of your home to the manufacturer’s server, not to do the cleaning when family members are in, and, if necessary, prohibit the vacuum cleaner from entering certain rooms, such as a bedroom or a library. This last option is sometimes available in the settings, but it’s even safer to use virtual wall barriers sold by the device manufacturer.

Another realistic option is to pick a vacuum cleaner model that works entirely offline. A number of iRobot models can do this, although they still need internet access for scheduled launch and viewing cleaning statistics, plus the app installed on your phone.

Promotional websites will not tell you if a particular model works offline, so we recommend that you read real users’ feedback and detailed product reviews or call the technical support service. If it’s not possible to set up the vacuum cleaner for offline operation, a combined option might work: do the initial setup using the mobile app and set the required cleaning schedule, then disable internet access.

This can be done through the router settings: either by changing the access point password, or by adding the vacuum cleaner to a denylist. By the way, while you’re in the router settings, make sure the firmware is up to date and the password is not the factory default. This will improve the security of not only the vacuum cleaner, but your entire smart home.

A more complicated method is to set up the vacuum cleaner without connecting to the manufacturer’s servers, directly from the local network. The device can even be integrated with a smart home automation system! Such projects exist, for example, for popular iRobot and Xiaomi models, but they require certain technical skills.

The obvious tip — not to buy a robot vacuum cleaner at all — we’ll skip; let’s face it, they’re far too convenient.