Can you imagine that a picture of you going to the bathroom one day suddenly circulated on the Internet?
In 2020, a photo of a woman sitting on a toilet to defecate appeared on an online forum for gig workers in Venezuela. In addition, many photos of people’s daily life at home are also posted on the Internet.
The upward angle of these “sneak photos” reveals the identity of the person who took the sneak shots – a sweeping robot .
1
2
Some of the leaked photos were “candidly shot” by the iRobot beta robot. The leaked original image did not have any coding on the face, and the mosaic was added later by the MIT technology review website. (The toilet photos included in the leaked pictures are not listed here)丨MIT Technology Review
Sweeping robot,
Mobile “candid photographer”?
After investigation, it was found that these photos were taken and transmitted by the Roomba sweeping robot launched by iRobot.
iRobot then issued a statement, explaining that normal sweeping robots would of course not take sneak shots, and that these were “specially developed” test versions . Users who use these robot vacuums sign an agreement that allows the company to collect relevant data.
Allowing collection does not mean that it can be released to the public. Originally, these photos would be sent to Scale AI, a company specializing in artificial intelligence data training, and then distributed by Scale AI to data labeling workers around the world to optimize the program of the sweeping robot. It stands to reason that the data in this process is completely confidential, and sensitive photos will also be deleted. But the reality is that these private photos appear in forums, groups and even social media.
1
2
Part of the leaked photos, the family layout is also at a glance. The item tags in it are annotated by the data labeler.丨MIT Technology Review
iRobot, which has shared more than 2 million photos with Scale AI, said its CEO has terminated cooperation with the service provider that leaked the images and is actively investigating the matter.
This is not the first frightening “sneak shot” incident of a sweeping robot. In 2017, a network security company in the United States exploited a loophole to hack into a sweeping robot, turning the sweeping machine into a walking camera that can monitor the situation at home in real time.
From this point of view, the camera on the sweeping robot seems to have brought a lot of security risks of privacy leakage. That being the case, why do you have to put “eyes” on the sweeping robot?
Why does the sweeping robot take pictures?
Avoiding obstacles has always been one of the core functions of sweeping robots. Early sweeping robots used ultrasonic sensors and collision sensors to locate obstacles in the room. Although they could also navigate, they were actually more like ” walking with eyes closed .”
In order to make the sweeping robot more intelligent, manufacturers have equipped it with lidar and infrared sensors. However, the lidar mounted on the top can not scan the blind area close to the ground , and it has difficulty identifying transparent and black objects. Infrared light can also be difficult to identify small things on the ground. Robots running around at home will not only take away socks and eat Apple charging cables worth 145 yuan, but may also “spread dung and paint walls”. (Extended reading: What will the sweeping robot do when it encounters shit? Of course it is “painting the wall with dung” )
Sweeping robot: the “pancake master” who can’t see the feces on the ground.丨Mike Flores/Twitter
Today’s sweeping robots have added “real eyes” to assist navigation . Use the camera to shoot the real environment, and then let the AI continuously learn and identify slippers, wires and other debris on the ground, so as to avoid obstacles more accurately. Manufacturers need to use as many real photos as possible to train AI so that it can avoid obstacles intelligently and accurately. Therefore, “private photos” from real family photos have entered third-party data labeling companies.
Regardless of whether it is a hacker attack or a human leak, if the manufacturer’s security protection measures are not strict enough, these sweeping robots connected to the network have the risk of data leakage.
Among the major brands of sweeping robots tested by Consumer Reports in 2021, iRobot also ranked among the best because of its excellent data security measures. But now it seems that a non-compliant security operation can collapse the original good reputation.
Some sweeping robots come with a visual recognition baffle, which can be used to block the camera to avoid shooting丨TechTablets/Youtube
Nowadays, smart homes are popular, and sweeping robots are only a small category of intelligent tools. The ubiquitous smart devices at home are very likely to spy on, invade or even disturb your life after connecting to the Internet.
blatant camera
If the camera on the sweeping robot just “accidentally” captured the privacy outside the sweeping work, then the smart camera specially used for “watching the house” can directly broadcast your daily life.
In early December, the well-known media The Verge reported the vulnerability of Anker’s Eufy camera. Until then, Eufy has promised to use local storage for camera data so that “your data never leaves your home.” However, security personnel found that the unencrypted video recorded by the camera will be uploaded to the cloud , and the video can even be played back directly on the cloud, and all this only needs to obtain the user name and password.
Hackers find web access to cameras claiming to use locally stored data丨The Verge
If there are no safe and reliable measures, you may not even realize that your camera is being called by others. Using the search engine Shodan to search for IP addresses with open ports on the Internet, a security researcher in the US did some quick searches and saw footage directly from cameras from around the world: classrooms in China, kitchens in Spain , Canada’s baby room…
What is more terrifying than being monitored is “control”. In 2019, the Amazon Ring camera installed in the room of an 8-year-old girl suddenly heard the voice of a strange man who harassed the girl with words and music for a few minutes.
There are many similar intrusions. A screenshot shows a hacker threatening an elderly woman.
This harassment even affects police law enforcement. Recently, several young hackers were indicted for hacking into Ring doorbells. They collected residents’ information to report to the false police, and taunted the police who came to enforce the law through the Ring doorbell. In addition to the hackers, Amazon, which holds the data, has also admitted that they handed over the footage recorded by the Ring doorbell to the police without the permission of the owner .
An unreliable camera is like a privacy spy, and it is difficult for us to know who else is watching the footage related to us. However, in addition to peeping, smart devices without “eyes” also have security risks.
Unexpected “invasion”
In 2017, a computer security firm disclosed a vulnerability in LG’s smart home system. Hackers can use this vulnerability to control smart devices in the home, including LG ovens.
LG’s connected ovens offer remote preheating, meaning hackers could also turn on the heat remotely , posing a potential security risk.
In addition to smart homes, connected toys cannot avoid the risk of intrusion. A “high-tech” adult toy male chastity lock has been exposed to outrageous loopholes. The chastity lock offers a remote control function that users can operate through a mobile app. A British security company has discovered a flaw in the product’s application software that allows hackers to remotely lock chastity locks directly…
“Smart” adult toys typically use Bluetooth to connect to phones, while remote control relies primarily on the manufacturer’s servers. After a hacker breaks into a server, not only can they see the user’s information, but they can also directly control it.
Fortunately, there have been no victims on the market. To be on the safe side, the toy’s production company gave a customer service call and a backup unlocking solution (prying it open with a screwdriver) after the vulnerability was exposed.
Official show how to unlock manually丨CELLMATE CHASTITY
With all the scary news, we don’t want you to throw away your smart home and devices, many of which are life’s best assistants. But before using it, you may need to do a few more steps to ensure safer use.
what should I do?
Although many bugs in smart devices originate from the manufacturers themselves, it is difficult for us to make any remedy for data leakage, but for home network security, we can do what we can.
Keep your Wi-Fi secure at home
Use a regular router and enable the firewall function;
Change the default router name, regularly change the router login password, and check for unfamiliar devices connecting.
change the default password
Change the default passwords of routers, cameras, etc. to your own strong passwords. Sensitive devices use independent passwords that do not repeat common passwords in the past. Conditional two-factor authentication (such as SMS verification code) can be enabled.
Choose products from major manufacturers and update software regularly
It is best to choose smart products from major manufacturers, in case the manufacturer’s own software has security holes. At the same time, software patches can be checked and updated in time to fix security vulnerabilities.
You can also create a separate guest network
If you want to ensure security, you can also put your smart home separately on the guest network. Create a guest network directly on the router’s management web page and set a separate password.
Understanding the Data Collected by Smart Products
Facing the privacy policy in the software, we are used to clicking “I have read” directly. But in the face of the smart devices around us, we need to carefully check these files. You need to pay attention: what data is collected? How will smart devices use this data? Is the data encrypted? Where does the data exist?
User privacy policy for commercially available robot vacuums. (Top) When using the cloud computing obstacle avoidance function, the pictures and videos uploaded by the sweeping robot may contain private information. (Bottom) When users participate in business expansion, the data collected by the sweeping robot may be used as test materials.丨ECOVACS HOME App Privacy Policy – Ecovacs
If you encounter the option of data sharing, you can choose “not sharing” first . Do not turn on sharing options until you have read the Privacy Policy in its entirety.
think before you buy
Is networking really necessary? Is networking really necessary? Is networking really necessary?
It may not be so easy to buy a “non-smart” microwave oven now, but after you buy it back to the Internet, the only function you use may be remote notification. For this kind of “smart and not so smart” device, you should not connect to Wi-Fi after you buy it.
As Microsoft puts it in the article “Using Smart Devices More Securely”:
“Without a Wi-Fi password, your microwave can still bake cookies and your fridge can chill drinks.”
references
[1]’ A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?’, https://ift.tt/Y0k5Rgs
[2]’ Is Your Robotic Vacuum Sharing Data About You?’, https://ift.tt/0pM8FSA
[3]’Anker’s Eufy lied to us about the security of its security cameras’, https://ift.tt/o6TxmpX
[4]’Amazon gave Ring doorbell videos to US police 11 times without permission’, https://ift.tt/5EjhrB3
[5]’ She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.’, https://ift.tt/lcTLWj8
[6]’ “Internet of Things” security is hilariously broken and getting worse’, https://ift.tt/bKTXwD6
[7] ‘Cellmate: Male chastity gadget hack could lock users in’, https://ift.tt/rjUIs0i
[8] Use smart devices more safely. https://ift.tt/tJ3cPCZ
Author: Chen Mo
Edit: Owl, Window Knock Rain
an AI
Since it’s okay to cut off my Internet, why do I have to pull the plug! Rough human beings! (?
This article comes from Guoke, and shall not be reproduced without authorization.
If necessary, please contact [email protected]
This article is transferred from: http://www.guokr.com/article/463200/
This site is only for collection, and the copyright belongs to the original author.