An engineer discovered that the manufacturer can remotely brick his smart vacuum for not collecting data.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

An engineer discovered his iLife A11 smart vacuum was sending telemetry data without consent. After blocking the manufacturer's servers, the device was remotely disabled via a kill command. Through reverse engineering, he found the vacuum had unsecured root access and was transmitting 3D maps of his home. He successfully revived the device using custom hardware, Python scripts, and a Raspberry Pi, enabling it to run completely offline. The incident highlights serious privacy and ownership concerns with IoT devices that rely on cloud processing.

Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline

Isn’t it illegal to remotely disable a product bought by one of your customers wherever this individual lives ?! It really is concerning, not even talking about telemetry sent without consent

This sounds like the most illegal thing you could ever do in europe.

As I was commenting on the previous iteration of this post:
&quot;Was there any kind of licence agreement, for example in the app? If yes and the data collection and the “punishment” for blocking data collection is there then, yeah. But if not, isn’t this potentially base for a class action lawsuit?
Great article btw.&quot;