Best of IoTNovember 2025

  1. 1
    Article
    Avatar of 80lv80 LEVEL·29w

    Programmer Discovers His Smart Vacuum Was Spying on Him

    A programmer discovered his ILIFE A11 smart vacuum was sending unencrypted data including Wi-Fi credentials and home maps to manufacturer servers. When he blocked the data transmission, the device was remotely bricked by the manufacturer. After disassembling it and accessing its unprotected Android Debug Bridge, he found the manufacturer had root access via pre-installed software. The same hardware powers devices from multiple brands including Xiaomi and Wyze, suggesting widespread vulnerability. He successfully restored the device with full local control by removing manufacturer access.

  2. 2
    Article
    Avatar of thevergeThe Verge·29w

    Ikea’s new smart home collection is entirely Matter-compatible

    Ikea launched 21 new Matter-over-Thread smart home devices, including the Kajplats smart bulb collection, Bilresa wireless remotes, Grillplats smart plug, and five sensors for motion, doors/windows, water leaks, temperature/humidity, and air quality. The devices work across different brands and platforms, with US availability starting January 2026 for remotes and sensors, and April 2026 for bulbs. Ikea's Dirigera hub now officially supports Matter controller functionality, allowing users to control Matter devices from other manufacturers through Ikea's Home Smart app.

  3. 3
    Article
    Avatar of 80lv80 LEVEL·27w

    Developer Runs Minecraft On Smart Lightbulb

    A developer successfully ran a Minecraft server on a smart lightbulb's BL602 microcontroller by creating Ucraft, an extremely compact server implementation. The binary is only 46-90 KB depending on authentication, with heap usage reaching 20-70 KB for up to 10 players. The project demonstrates creative resource optimization for embedded systems and is available on GitHub with build instructions.

  4. 4
    Article
    Avatar of hnHacker News·29w

    Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline

    An engineer discovered his iLife A11 smart vacuum was sending telemetry data without consent. After blocking the manufacturer's servers, the device was remotely disabled via a kill command. Through reverse engineering, he found the vacuum had unsecured root access and was transmitting 3D maps of his home. He successfully revived the device using custom hardware, Python scripts, and a Raspberry Pi, enabling it to run completely offline. The incident highlights serious privacy and ownership concerns with IoT devices that rely on cloud processing.

See all IoT archives