House Spy: Robot Vacuum Halted Remotely After Engineer Blocks China Telemetry
For over a year, programmer Harishankar Narayanan had been using his iLife A11 robot vacuum without incident—until he noticed that the device was constantly transmitting data to servers in China. When he attempted to restrict this traffic through a firewall, the vacuum began behaving erratically: within a few days, it shut down and refused to turn back on. Although the service center insisted the unit was functioning normally, the problem reappeared each time the vacuum was reconnected to Narayanan’s home network.
After the warranty expired, Narayanan decided to open the device himself. Inside, he discovered a fully functional Linux-based mini-computer equipped with a camera, sensors, and a SLAM module responsible for spatial mapping. Particularly alarming was the discovery of an open Android Debug Bridge (ADB) port without a password, as well as the presence of the “rtty” utility, which allows remote root-level control of the device.
Further investigation revealed that all Wi-Fi data was being transmitted to the manufacturer’s servers, and the event logs showed a record of a remote lock command—issued precisely when the vacuum had ceased to operate. This occurred shortly after Narayanan had blocked the device’s telemetry transmissions. It became evident that someone had remotely accessed the vacuum and modified its startup script, effectively disabling its main application. Each time it returned from repair, the vacuum would operate normally when connected to an open network, only to “die” again upon reconnecting to Narayanan’s home Wi-Fi.
According to the engineer, devices built on the CRL-200S platform from Chinese OEM manufacturer 3irobotix may be vulnerable to the same exploit. This hardware-software bundle is not exclusive to iLife models; it is also found in products from Xiaomi, Viomi, Wyze, Proscenic, and others. Examples include the Viomi V2, Proscenic M6 Pro, and Cecotec Conga 3290. Narayanan’s firmware analysis indicates that all of these robot vacuums share a common code base supplied by the OEM, with little to no modification by the brands themselves.
Experts warn that an open remote-access channel capable of executing arbitrary commands poses a serious privacy risk. Such backdoors, even if originally intended for factory debugging, often remain in production firmware and can be exploited not only by hackers but also by manufacturers themselves. The concern extends beyond telemetry collection—these devices, equipped with built-in cameras, microphones, mapping modules, and Wi-Fi connectivity, could enable covert surveillance of homes and their occupants.
Narayanan continues to analyze the code, gathering evidence about what data is being transmitted, who issued the shutdown command, and how the remote control mechanism functions. His findings are being published openly on GitHub for the cybersecurity community to review.