Insecure Robot Vacuums From Chinese Company Deebot Collect Photos and Audio to Train Their AI (abc.net.au) 13
Long-time Slashdot reader schwit1 shared this report from Australia's public broadcaster ABC:
Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings — taken inside customers' houses — to train the company's AI models.
The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are "willingly participating" in a product improvement program.
When users opt into this program through the Ecovacs smartphone app, they are not told what data will be collected, only that it will "help us strengthen the improvement of product functions and attached quality". Users are instructed to click "above" to read the specifics, however there is no link available on that page.
Ecovacs's privacy policy — available elsewhere in the app — allows for blanket collection of user data for research purposes, including:
- The 2D or 3D map of the user's house generated by the device
- Voice recordings from the device's microphone
— Photos or videos recorded by the device's camera
"It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs..."
The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are "willingly participating" in a product improvement program.
When users opt into this program through the Ecovacs smartphone app, they are not told what data will be collected, only that it will "help us strengthen the improvement of product functions and attached quality". Users are instructed to click "above" to read the specifics, however there is no link available on that page.
Ecovacs's privacy policy — available elsewhere in the app — allows for blanket collection of user data for research purposes, including:
- The 2D or 3D map of the user's house generated by the device
- Voice recordings from the device's microphone
— Photos or videos recorded by the device's camera
"It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs..."
BIg guy and small guy dangers. (Score:5, Insightful)
Other than the more broad "Companies are taking too much data" problem, theres also a pretty serious danger from entities smaller than that. This is an organized criminals wet dream of a dataset. Comprehensive collections of addresses, names, internal maps and photos of targettable assets, and enough information to work out when people are and are not at home. Is there a big dog. Are any of the occupants large capable males. Where is the gun kept if in the US. Is there an attractive young woman to sexually assault.
Every terrible terrible question a criminal might want to know, and all assembled into one big dataset a competent hacker would take all of ten minutes to break into (keep in mind, this is a company stupid enough to decide this was a good idea, it probably doesnt have a full time high-skill security guy, cos if they did he'd have been protesting from the high heavens to stop this nonsense at once.
Yeah, this is an insanely dangerous dataset.
And I doubt they are the only ones.
Re: (Score:2)
Is there an attractive young woman to sexually assault.
Or is there video footage up the woman's skirt, as these cameras are at ground level.
If you think that Ai training is all... (Score:2)
Those robots are probably doing more than feeding datasets to Chinese companies involved in AI training. Meanwhile, datasets from Reddit and Discord would be pretty juicy for AI training, don't you think? Ditto for TikTok.
My dog was right (Score:5, Funny)
Turns out the vacuum is a dangerous intruder.
That's it. I've had it with this spy-tech. (Score:3)
I'm buying a broom.
If they're insecure (Score:3)
Only the Chinese companies? (Score:4, Interesting)
I'd be surprised if the vacuums by many more mainstream brands were not doing the same thing. It's the sort of issue that will only be solved with legislative action because otherwise it will be just buried in an EULA, and there will be no brands not doing it for additional revenue. Even if the maker is not creating their own AI they can sell the data to Google or someone who is.
Megamaid? (Score:2)
WTF does a vacuum (Score:2)
have a camera in the first place
Re: (Score:2)
Could be using it to for navigation. What it "sees" is interpreted so it knows where a wall is without running into it, or move around furniture.
Re: (Score:3)
Forget the camera. Why does it have a microphone?
"WHRRRRR!!!"
That is a disgrace (Score:2)
robot vacuums [...] are collecting photos, videos and voice recordings â" taken inside customers' houses â" to train the company's AI models.
This should never be allowed! Only American-made products should spy [reuters.com] on [nytimes.com] Americans [usatoday.com].
I demand my dystopia be all-American!
Re: (Score:2)