Vacuum bricked after user blocks data collection – user mods it to run anyway
26 comments
November 1, 2025 · booleanbetrayal
MrZander
You might be interested in this project https://valetudo.cloud/
They have a list of supported vacuums
dylan604
"From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware."
He should make these and sell them. It would be worth it to just drive it in "discovery" mode and give it the exact path to follow while cleaning. The constant inability to learn the floor plan is beyond annoying.
HiPhish
Depending on where he lives this might be illegal. Yes, we live in a cyberpunk dystopia where the manufacturer can break what you bought and then send you to jail for repairing it. You can read more about it here: https://consumerrights.wiki/w/Digital_Millennium_Copyright_A...
This shit is absolutely dystopian. The law must not just be reversed, manufacturers need to be taken to court for shoddy software. Insecure data collection and transmission should be treated the same as having unsafe electrical wiring. It is a defect that needs to be either fixed or the product recalled. As long as manufacturers are not just allowed to but rewarded for selling defective products this won't change. I expect the moment unsolicited data collection becomes a liability manufacturers will drop it like a hot potato.
habibur
Previous post
https://news.ycombinator.com/item?id=45503560
which points to the actual blog of the author on github, instead of a news coverage of it.
sema4hacker
I wish I had the abilities of the engineer, plus the time he could devote to the problem.
erulabs
Thankful for people like this - with kids and family and work I’d probably have had this sit bricked for a year in my garage before finding time to tinker with it. Now I can just never buy any iLife product ever.
We should probably update this story to link directly to the hacker's blog, they deserve the credit! https://codetiger.github.io/blog/the-day-my-smart-vacuum-tur...
MostlyStable
There is a significantly easier option (although still more work than just buying a vacuum and using it as the manufacturer intended): get one of the Valetudo supported vacuums[0]. This firmware replacement blocks telemetry and allows for near complete feature parity with the original firmware, and flashing is (usually) relatively simple. Certainly much simpler than the process described here.
[0] https://valetudo.cloud/pages/general/supported-robots.html
m463
I block this nonsense before it gets to the cash register.
HiPhish
That's always a good idea, but how many people have the resources to research these details? First of all you have to be aware that this issue even exists. Then you have to scrape the corners of the internet for whether an appliance has any anti-features, because no manufacturer will ever write "collects unsolicited data about you, we will break the appliance if you refuse us your personal information" on the box. And finally you need to be able to afford the time and patience for the whole process.
I don't own a smart vacuum cleaner because the trouble is not worth it to me. However, I can see smart vacuum cleaners being very good for elderly or disabled people, or someone who has very limited free time and could let the robot clean the house on its own while the owner is out. It is really disgusting that scumbag manufacturers are exploiting those people.
charcircuit
I suspect this is not the full story. Why would someone waste their time manually disabling a device? That makes me think that this device was doing something malicious to their servers, enough to trip an alert.
xupybd
Not really. They probably flagged this as someone modifying the device and thought it could be someone reverse engineering it.
homeonthemtn
This seems a bit sensationalist.
Guy hacks smart vacuum. Smart vacuum behaves different than standard vacuum. Manufacturer kills vacuum remotely.
As the business running the servers of smart vacuums, if I saw an atypical device reporting in, without context, I too would kill that device.
Because they're vacuums. Why would they not be homogenous?
Sanzig
The owner did not hack the vacuum, he blocked the IP address on his network for the telemetry server. Same thing tons of people do with Pi-Hole DNS blocking, for example.
There's no sane world where it is defensible to remotely brick a device because it can't communicate with a telemetry server.
Zak
> As the business running the servers of smart vacuums, if I saw an atypical device reporting in, without context, I too would kill that device.
If you want to block a device from accessing your servers because it's behaving in an odd way, such as this one that was contacting the update server but not the telemetry server, that's not entirely unreasonable. Sending it a command to modify its software to stop it from operating entirely is outrageous.
bigbadfeline
> Why would they not be homogenous?
Why would a business have the power to decide what should and what shouldn't be homogeneous about the property of others? A transaction took place, property has legally changed hands and the former owner is exerting control over property that isn't theirs any more.
How about if the builder of your house comes into your home via an access route unknown to you, and starts rearranging where things are placed, or where you and your wife are placed, etc. in order to maintain homogeneous layout?
HiPhish
> How about if the builder of your house comes into your home via an access route unknown to you, and starts rearranging where things are placed, or where you and your wife are placed, etc. in order to maintain homogeneous layout?
And if you complain he kicks you and your wife out of the house you bought. And if you dare to close off the backdoor he sends you to jail.
dylan604
> How about if the builder of your house comes into your home via an access route unknown to you, and starts rearranging where things are placed, or where you and your wife are placed, etc. in order to maintain homogeneous layout?
I've seen this movie. Only, the twist was that the home was built 100+ years ago and the builder long since dead. The family living in the home currently had to resort to an exorcist.
Edit to say that the sarcasm is direct rebuttal with the preposterous nature of the hypothetical.
below43
This is a cool article, and neat he got it working in the end.
One thing that is odd - if he blocked it calling home, it doesn't make sense that the kill code was issued remotely. It makes more sense that there is a line of code internally that kills the machine when it can't call home (which would be far less malicious).
ThePowerOfFuet
The business has no right to remotely kill a device purchased by an end user.
whycome
Yeah! Just degrade the battery life and user experience through forced updates so they are pushed to upgrade instead!
sidewndr46
You don't own the software on the device, they do. If they choose to revoke that license, that is their choice.
chrismcb
Well, no. You can't just revoke a license. As far as owning the software in the device, I would argue that you do own a copy of it. I'm sure there is some buried ToS claiming you just own a license to run it, and I know this is still being litigated. But when the average person purchases something their expectation is that they've purchased it, not licensed it.
awefasdf
I own the device and all of its storage. The exact state of that storage is my business and precisely no one else's.
dylan604
Did you accept the EULA?
Never connected my Roomba to the internet and it has worked fine for the past several years. It insists that I should connect to it via the app to resolve the occasional minor issue, but I would always ignore those. It's starting to show its wear and it's probably time for a new vacuum. I'm not sure if I'll be able to bootstrap one without connectivity, nowadays. Any good recommendations out there?