{"id":20516,"date":"2022-12-26T16:17:33","date_gmt":"2022-12-26T12:17:33","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/robot-vacuum-privacy\/20516\/"},"modified":"2022-12-26T16:17:46","modified_gmt":"2022-12-26T12:17:46","slug":"robot-vacuum-privacy","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/robot-vacuum-privacy\/20516\/","title":{"rendered":"Rise of the robot vacuum cleaners"},"content":{"rendered":"<p>Some alarming photos have been circulating online recently, taken by, yes, a robot vacuum cleaner. The owner of a too-smart device is captured right on the toilet. Now that the laughter has died down, let\u2019s examine how this was possible and what lessons can be learned.<\/p>\n<div id=\"attachment_46684\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/12\/26161610\/robot-vacuum-privacy-01.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-46684\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/12\/26161610\/robot-vacuum-privacy-01.jpg\" alt=\"Some of the leaked images captured by iRobot development devices\" width=\"1325\" height=\"438\" class=\"size-full wp-image-46684\"><\/a><p id=\"caption-attachment-46684\" class=\"wp-caption-text\">Some of the leaked images captured by iRobot development devices<\/p><\/div>\n<h2>Do vacuum cleaners have cameras? And if so, what for? <\/h2>\n<p>Not every robot vacuum cleaner is fitted with a camera. The user manual will usually list all of its sensors and their location. Some models are limited to touch sensors, as well as laser and ultrasonic radars, but it\u2019s becoming increasingly common to see a camera listed as well. Top-of-the-range models have been using cameras for more than five years to better navigate the room. According to engineers, it helps swerve around socks on the floor, laptop wires, and other obstacles. Some vacuum cleaners also have a microphone to respond to voice commands.<\/p>\n<h2>Who views the camera footage? <\/h2>\n<p>Most of the time, no one. Normally, the video stream from the camera goes to the vacuum cleaner CPU and no further. But there may be exceptions to this rule. In particular, the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.technologyreview.com\/2022\/12\/19\/1065306\/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy\/\">toilet-photo scandal<\/a> occurred when a prototype of the Roomba J7 vacuum cleaner sent its video stream to the manufacturer, iRobot, to improve the algorithm.<\/p>\n<p>To enhance machine-vision systems, engineers need not just video from the camera, but <em>annotated<\/em> video, with all furniture items identified and labeled correctly. The initial markup of photo and video content is done by humans. Then, a computer is trained on these examples, and specialists check the quality of recognition and correct errors. So, iRobot outsourced the video to Scale AI, a specialized contractor with a whole staff of low-paid employees who spend hours marking objects on photos and videos. It was these sub-subcontractors from Venezuela who leaked the, in their opinion, <em>highly amusing<\/em> photos to a Facebook group. Most likely they were disciplined, and iRobot terminated its contract with Scale AI, but the leaked photos did not go away.<\/p>\n<div id=\"attachment_46683\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/12\/26161702\/robot-vacuum-privacy-02.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-46683\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/12\/26161702\/robot-vacuum-privacy-02.jpg\" alt=\"Images captured by iRobot development devices, being annotated by data labelers\" width=\"1325\" height=\"438\" class=\"size-full wp-image-46683\"><\/a><p id=\"caption-attachment-46683\" class=\"wp-caption-text\">Images captured by iRobot development devices, being annotated by data labelers<\/p><\/div>\n<p>iRobot claims that all prototypes come with appropriate warnings and are handed over to testers only with their written consent to record video; that is, you can\u2019t accidentally purchase such a vacuum cleaner in a store. Case closed?<\/p>\n<h2>Bulk data collection<\/h2>\n<p>The development of smart home electronics, especially autonomous robots, is not possible without mass collection of data. Only by analyzing billions, even trillions, of samples can any <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/machine-learning-nine-challenges\/23553\/\" rel=\"noopener nofollow\">machine-learning<\/a> system actually learn something. This is one of the main reasons there is almost always a clause in the lengthy product license agreement asking for your consent to collect \u201cdiagnostic\u201d data to improve products and services. At the same time, you rarely see this data specified in detail, and what is required to \u201cimprove products and services\u201d is never explained. (Incidentally, Kaspersky end user license agreements always give an exhaustive list of information collected.)<\/p>\n<p>Sometimes the agreement explicitly states that data will not be sold or used for commercial purposes, but \u201cproduct improvement\u201d often means that it will get processed by subcontractors or partners. In most cases, then, it\u2019s impossible to know what data is being collected and where it will end up.<\/p>\n<p>That said, the non-profit organization Mozilla Foundation is making a good attempt to remedy this situation with its <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/foundation.mozilla.org\/en\/privacynotincluded\/categories\/smart-home\/\">Privacy Not Included<\/a> guide. It highlights apps and gadgets that are particularly cynical about violating customers\u2019 privacy rights. The list is far from complete, but does cover a few of the \u201cgood\u201d and \u201cbad\u201d robot vacuum cleaners out there.<\/p>\n<h2>Improper use<\/h2>\n<p>Even assuming the manufacturer of the robot vacuum cleaner is ethically pure, the fate of harvested data is not always ideal. It can lie for ages on the company\u2019s servers, where its protection is not a priority. So, in addition to subcontractors, complete outsiders may suddenly gain access to it \u2014 from security researchers to cybercriminals or hacktivists.<\/p>\n<p>Another, albeit more exotic, threat is the hacking of the vacuum cleaner itself. Controlled by an attacker, it could be used for non-standard purposes (even <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.hackster.io\/news\/robot-vacuum-cleaner-hacked-to-play-spotify-53e1a205c380\">playing music from Spotify<\/a>), including, of course, various forms of spying.<\/p>\n<h2>How to minimize the risks<\/h2>\n<p>Choosing vendors with a proven <a target=\"_blank\" href=\"https:\/\/securelist.com\/privacy-predictions-2023\/108068\/\" rel=\"noopener\">privacy<\/a> and security track record is a good start. But, as a recent Kaspersky survey shows, around 34% of users stop at that. This is not enough, unfortunately.<\/p>\n<p>It\u2019s not hard to arrange your life with a vacuum cleaner so as to minimize data collection and the risk of leakage. For example, you can specify in the settings not to send a map of your home to the manufacturer\u2019s server, not to do the cleaning when family members are in, and, if necessary, prohibit the vacuum cleaner from entering certain rooms, such as a bedroom or a library. This last option is sometimes available in the settings, but it\u2019s even safer to use virtual wall barriers sold by the device manufacturer.<\/p>\n<p>Another realistic option is to pick a vacuum cleaner model that works entirely offline. A number of iRobot models can do this, although they still need internet access for scheduled launch and viewing cleaning statistics, plus the app installed on your phone.<\/p>\n<p>Promotional websites will not tell you if a particular model works offline, so we recommend that you read real users\u2019 feedback and detailed product reviews or call the technical support service. If it\u2019s not possible to set up the vacuum cleaner for offline operation, a combined option might work: do the initial setup using the mobile app and set the required cleaning schedule, then disable internet access.<\/p>\n<p>This can be done through the <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/how-to-protect-wifi-from-neighbors\/39039\/\" rel=\"noopener nofollow\">router settings<\/a>: either by changing the access point password, or by adding the vacuum cleaner to a denylist. By the way, while you\u2019re in the router settings, make sure the firmware is up to date and the password is not the factory default. This will improve the security of not only the vacuum cleaner, but your entire smart home.<\/p>\n<p>A more complicated method is to set up the vacuum cleaner without connecting to the manufacturer\u2019s servers, directly from the local network. The device can even be integrated with a smart home automation system! Such projects exist, for example, for popular <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/koalazak\/dorita980\">iRobot<\/a> and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/asphalter\/xiaomi_vacuum\">Xiaomi<\/a> models, but they require certain technical skills.<\/p>\n<p>The obvious tip \u2014 not to buy a robot vacuum cleaner at all \u2014 we\u2019ll skip; let\u2019s face it, they\u2019re far too convenient.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to make sure a robot doesn\u2019t spy on you, and can it function without internet access?<\/p>\n","protected":false},"author":2722,"featured_media":20518,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1225],"tags":[1481,765,543,43,981],"class_list":{"0":"post-20516","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"tag-ai","9":"tag-iot","10":"tag-news-2","11":"tag-privacy","12":"tag-robots"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/robot-vacuum-privacy\/20516\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/robot-vacuum-privacy\/25021\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/robot-vacuum-privacy\/10431\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/robot-vacuum-privacy\/27587\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/robot-vacuum-privacy\/25348\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/robot-vacuum-privacy\/25953\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/robot-vacuum-privacy\/28410\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/robot-vacuum-privacy\/27481\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/robot-vacuum-privacy\/34450\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/robot-vacuum-privacy\/11292\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/robot-vacuum-privacy\/46682\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/robot-vacuum-privacy\/20127\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/robot-vacuum-privacy\/20735\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/robot-vacuum-privacy\/29770\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/robot-vacuum-privacy\/33099\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/robot-vacuum-privacy\/28785\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/robot-vacuum-privacy\/25708\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/robot-vacuum-privacy\/31396\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/robot-vacuum-privacy\/31106\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/privacy\/","name":"privacy"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=20516"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20516\/revisions"}],"predecessor-version":[{"id":20517,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20516\/revisions\/20517"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/20518"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=20516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=20516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=20516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}