Insecure Robot Vacuums From Chinese Company Deebot Collect Photos and Audio to Train Their AI

Long-time Slashdot reader schwit1 shared this report from Australia's public broadcaster ABC: Ecovacs robot vacuums, which have been found to suffer from critical cybersecurity flaws, are collecting photos, videos and voice recordings — taken inside customers' houses — to train the company's AI models.

The Chinese home robotics company, which sells a range of popular Deebot models in Australia, said its users are "willingly participating" in a product improvement program.

When users opt into this program through the Ecovacs smartphone app, they are not told what data will be collected, only that it will "help us strengthen the improvement of product functions and attached quality". Users are instructed to click "above" to read the specifics, however there is no link available on that page.

Ecovacs's privacy policy — available elsewhere in the app — allows for blanket collection of user data for research purposes, including:

- The 2D or 3D map of the user's house generated by the device
- Voice recordings from the device's microphone
— Photos or videos recorded by the device's camera

"It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs..."

BIg guy and small guy dangers.

[sg_oneill]

Other than the more broad "Companies are taking too much data" problem, theres also a pretty serious danger from entities smaller than that. This is an organized criminals wet dream of a dataset. Comprehensive collections of addresses, names, internal maps and photos of targettable assets, and enough information to work out when people are and are not at home. Is there a big dog. Are any of the occupants large capable males. Where is the gun kept if in the US. Is there an attractive young woman to sexually assault.

Every terrible terrible question a criminal might want to know, and all assembled into one big dataset a competent hacker would take all of ten minutes to break into (keep in mind, this is a company stupid enough to decide this was a good idea, it probably doesnt have a full time high-skill security guy, cos if they did he'd have been protesting from the high heavens to stop this nonsense at once.

Yeah, this is an insanely dangerous dataset.

And I doubt they are the only ones.

Re:

[viperidaenz]

Is there an attractive young woman to sexually assault.

Or is there video footage up the woman's skirt, as these cameras are at ground level.

Re:

[BladeMelbourne]

Or is there video footage up the woman's skirt

That's terrible! Where?

Re:

[Malay2bowman]

This is serious. I think it should be investigated. Now where can I find this evidence? Asking for a detective friend

Re:

[stealth_finger]

#samejokebutworse

Re:

[GoTeam]

#similarjokebutnotquiteasgood

Re:

[stealth_finger]

Genuinely funny.

Re:

[Malay2bowman]

But AI internet stuff makes all the stuff in your home oh so better. We need internet connected toilet paper and internet connected dustpans and internet connected food! Barf If only we could throw the IoT guys into an asylum.

Re:

[GoTeam]

Barf If only we could throw the IoT guys into an asylum.

Many already are. It's called Cisco...

Re:

[nightflameauto]

But AI internet stuff makes all the stuff in your home oh so better. We need internet connected toilet paper and internet connected dustpans and internet connected food! Barf If only we could throw the IoT guys into an asylum.

Bill Gates wants you to have an IoT toilet, to collect data on your waste so that health services can be immediately notified if something *bad* is detected.

Re:

[Malay2bowman]

I'm waiting with bated breath for another IoT glorified Capri Sun packet squeezer or something like it to come out. It's only a matter of time before another grand scam like that comes to pass.

Re:

[Malay2bowman]

"Bill Gates wants you to have an IoT toilet, to collect data on your waste so that health services [and your health insurance company] can be immediately notified if something *bad* is detected" Fixed that for you

Re:

[nightflameauto]

"Bill Gates wants you to have an IoT toilet, to collect data on your waste so that health services [and your health insurance company] can be immediately notified if something *bad* is detected" Fixed that for you

In America, yep. That's the only health service with any pull. And it'll be used to punish us, probably by creating legal loopholes that state, "If such and such shows in waste, drop this fucker off insurance."

Re:

[Spinlock_1977]

What is a "paper"?

If you think that Ai training is all...

[DrMrLordX]

Those robots are probably doing more than feeding datasets to Chinese companies involved in AI training. Meanwhile, datasets from Reddit and Discord would be pretty juicy for AI training, don't you think? Ditto for TikTok.

Re:If you think that Ai training is all...

[AmiMoJo]

AI is only the latest reason for doing it. Amazon made people pay to bug their own homes with Alexa smart speakers years ago. These aren't even the first robot vacuum cleaners that collect images and other sensor data, and send it back to a server somewhere.

Car companies are some of the worst, as well as cellular service companies. Between them they know where you live and everywhere you go.

It's been a general problem for a long time now.

My dog was right

[penguinoid]

Turns out the vacuum is a dangerous intruder.

Re:

[stealth_finger]

Roombo

Re:

[Tablizer]

It's the worst kind, a Haitian Roomba ;-)

That's it. I've had it with this spy-tech.

[haxor.dk]

I'm buying a broom.

Re:

[antdude]

Watch out for the robot brooms! ;)

Re:That's it. I've had it with this spy-tech.

[Malay2bowman]

It's going to be an IoT device. It won't actually make the broom any better or easier to use or change it's core function. Instead, it will warn you when the bristles are slightly worn, and it will eject the bristles if you try to continue using it with the worn bristles or try to use 3rd party replacement bristles. And the masses will buy this crap because "AI" and shiny lights

Re:

[toxonix]

It will track and post all of your sweeping activities on the cleanl.io social app. Get daily challenges and awards! It's the revolutionary social sweeping app!

Re:

[Malay2bowman]

Someone somewhere is writing all of this down. If they gamify it and do their marketing right being sure to boast about this 'feature", I really can see this coming to pass. The Trojan Horse is starting to look real nice. :-/

Re: That's it. I've had it with this spy-tech.

[flyingfsck]

Please dont plug your broom into the internet

If they're insecure

[olsmeister]

perhaps therapy would help?

Re:

[mjwx]

perhaps therapy would help?

If anything I'd expect a robot vacuum cleaner to understand it's purpose in life.

Re:

[Askmum]

What I'm more interested in is why insecure vacuum robots feel the need to collect photos and transmit them. Do they suffer from a lack of low self-esteem? Are they sharing with other vacuum robots to see who has the better looking owner? Are they insecure of their effectiveness?

Questions, questions, questions.

Re:

[nightflameauto]

What I'm more interested in is why insecure vacuum robots feel the need to collect photos and transmit them. Do they suffer from a lack of low self-esteem? Are they sharing with other vacuum robots to see who has the better looking owner? Are they insecure of their effectiveness? Questions, questions, questions.

The robot vacuums heard about humans posting pictures of things online and thought it might help them feel a little less insecure if they had their own place to post photos and shared experiences. I don't understand why everybody's so up in arms about it.

Re:

[ClickOnThis]

Came here to say something like this. (Props also to the other posters in this thread.)

People, the word is unsecured not insecure. That is all.

Re: If they're insecure

[nasch]

Inadequately guarded or protected; unsafe

https://www.wordnik.com/words/... [wordnik.com]

Only the Chinese companies?

[SeaFox]

I'd be surprised if the vacuums by many more mainstream brands were not doing the same thing. It's the sort of issue that will only be solved with legislative action because otherwise it will be just buried in an EULA, and there will be no brands not doing it for additional revenue. Even if the maker is not creating their own AI they can sell the data to Google or someone who is.

Megamaid?

[dicobalt]

Origin story.

WTF does a vacuum

[rossdee]

have a camera in the first place

Re:

[quonset]

Could be using it to for navigation. What it "sees" is interpreted so it knows where a wall is without running into it, or move around furniture.

Re:

[PPH]

Forget the camera. Why does it have a microphone?

"WHRRRRR!!!"

Re:WTF does a vacuum

[jacks smirking reven]

If it actually worked I can actually see a robot vacuum being something I'd find voice controls useful for. If i could just tell it start or stop for a minute or go back home for the day without opening an app or having to track it down.

But we can't have nice useful things like that since any data nowadays is going to mined and financialized to the nth degree.

Re:

[Malay2bowman]

Good question. It has it becau+_-:£NO_CARRIER.

Re:

[cstacy]

WTF does a vacuum have a camera in the first place

Same reason God needs a starship?

Re:

[Malay2bowman]

That one almost ended very badly for Kirk

Re:

[Malay2bowman]

Navigation. And telemetry and seeing what you have in your home to compile that oh so valuable personal data. But mostly navigation.

That is a disgrace

[Rosco P. Coltrane]

robot vacuums [...] are collecting photos, videos and voice recordings â" taken inside customers' houses â" to train the company's AI models.

This should never be allowed! Only American-made products should spy [reuters.com] on [nytimes.com] Americans [usatoday.com].

I demand my dystopia be all-American!

Re:That is a disgrace

[hdyoung]

Yup, and it’s gonna stay like this for a long time, because there’s a lot of companies that want that sort of data. But, if Tesla employees can trade the juciest pics and videos among themselves for entertainment, that means security is already busted, and that stuff will leak out. Eventually, someone who matters to an important person will get ruined. I’m thinking like something really salacious about a senator or billionaire’s wife or granddaughter. Or a close relative of a supreme court justice, but only if it’s one of the conservative ones. At that point, people with actual pull will start to think twice about data security.

If someone hacks Tesla’s servers and does a massive data dump of camera/audio data from all the top-line teslas, it would embarass a ton of rich/important people all at once.

But, until then, it’s gonna be a data free-for-all and business as usual. Too much money being thrown around.

I’ve got no personal dog in this fight. I’m a normal plebe. If someone wants to laugh at a video of me changing into my pajamas, I’m old enough that I no longer give a rats ass.

The US grabs the pictures from the Cisco routers

[thesjaakspoiler]

so why bother deploying spy-vacuums all over the world if you can get all those images for free with hacking Cisco routers?

Re:

[CaptQuark]

How many Cisco routers have cameras built in? Even if you compromise the router, the victim still needs a device that has a camera AND is sending those images somewhere. Hacking a camera connected to OctoPrint won't gain you much, but the Ring indoor camera in the living room routing its images to Amazon would be a prime target.

Re:

[ClickOnThis]

I think thesjaakspoiler's point was that the images likely would go through a Cisco router, and that's where you could scrape them, if you have compromised the router. Encryption? Yeah, that could be another hurdle, but maybe not insurmountable.

Re:

[Malay2bowman]

Funny how Americans are worried about Chinese government getting their data when the US gov't is really the one that can do bad stuff to US citizens. The People's Republic of China does not really worry me much. Uncle Sam is much scarier.

Insecure Robot Vacuums ...

[fahrbot-bot]

Perhaps they just need some love and support while they work on their self-confidence?

And the IoT train keeps chugging along

[Malay2bowman]

Soon you won't be able to trust your electric toothbrush or your towel rack to not be spying on you and sending pictures of your dental hygiene or your willy to some weirdo on the other side of the planet, because they all have to be always on internet connected these days because such and such

Eesh, that headline.

[nightflameauto]

My mind instantly started saying, "Poor little insecure robots. They just want somebody to love them. And they misbehave like this to get attention? It's so sad."

I may need more, or maybe less, caffeine.

Simple answer

[RitchCraft]

Don't buy IoT devices, period. If you don't know how to set up your own home server and properly firewall your devices then stay away from them. I know, not everyone is tech savvy ... and that is precisely why these companies pull this shit.