Valetudo: Taming the spying robot vacuum cleaner

Automatic robot vacuum cleaners are now in many households. The devices collect a lot of data and can spy on a user's environment. How can the owner of such an appliance prevent data from flowing into the manufacturer's cloud? I have been in contact with a German blog reader about this topic and provide some information below.

Smart vacuum cleaners collect and transmit a lot of data

I have already addressed this topic in my German blog post iRobot: Der (Daten-)Staubsauger? (iRobot: The (data collecting) vacuum cleaner?). It was about an intelligent iRobot vacuum cleaner from the manufacturer Roomba. It scurries around rooms and is supposed to keep their floors free of dirt. However, the device could also be used as a data vacuum cleaner, and thus as a data slinger.

The strategists at Roomba have come up with the idea that the SmartHome contains a lot of information from lamps, intelligent thermostats and so on. The iRobot (or its successor) could map the cleaned rooms.

This mapping data could possibly be sold to providers such as Amazon or Google. The mapping data could be used to control air conditioning systems more precisely or adjust room sound systems.


Security provider Bitdefender published an article "Your robot vacuum cleaner might be spying on you" in September 2024 that describes what a smart device knows about its owner. It also covered the iRobot and the fact that Amazon wants to take over the manufacturer, as well as the question of what information such a device collects and what data could be sold.

  • The devices record or know the floor plan of the home
  • The devices can create a usage pattern, which gives third parties clues as to when people are at home

And the device has information about the home network, as it has to log in via WLAN. I have also published the German blog post Ecovacs-Heimroboter als Sicherheitsrisko (Ecovacs home robot as a security risk), in which I presented an analysis of what data such devices transmit to the manufacturer's cloud. Ecovacs home robots are a walking security risk: as a security check revealed, hackers can take over the devices and retrieve data about the owner, etc.

Taming the data flow to the vendor

My article mentioned above led to a reader response pointing out that certain device models can be tamed. German blog reader Marcel posted this comment on the article about the Ecovacs home robot and pointed to Valetudo as a solution. His statement: If you don't want the device to send data to the cloud, don't want to install the manufacturer's app on your cell phone and don't want the manufacturer to switch off parts of the device, you can use Valetudo. His solution ensures that the manufacturer does not know that the device has ever been put into operation. I asked Marcel if he would like to provide more information. Here is his response with details.

A robot vacuum cleaner is desired

Marcel wrote that he wanted to buy a robot vacuum cleaner to give himself a bit of comfort. But when he researched what these devices can do, he quickly became disillusioned: you need an app on your cell phone, it transmits to China, knows your home down to the centimeter, takes photos and evaluates the furnishings. And the whole thing no longer works if the manufacturer no longer exists. That's not what the reader wanted.

Establishing a privacy solution

Marcel came across Dennis' presentation at DEFCON 31 quite early on, which confirmed the reader's concerns, but in a funny and very positive way. The DEFCON 31 presentation is available on YouTube. The video clearly shows that the devices:

  • transfer data (pictures, videos, home furnishings, audio) to China
  • only work with their app, and nobody knows for how long they will keep doing so
  • have built-in, software-controlled planned obsolescence

The reader was primarily bothered by the loss of control over the device. The questions were: How long will it work? Will the manufacturer switch off the servers or deactivate a component? But Marcel was no less disturbed by the fact that extensive data was being passed on. It felt like spying in the private sphere.

Valetudo to insulate the vacuum cleaner

At the same time, Marcel came across Sören Beye's Valetudo project. The project is based on Dennis' root. The reader began to get to grips with the details. The most important premise: you have to stand behind the project and want to do it, and it must not be a disaster for you if you "brick" the robot.

Marcel wrote: "I don't want to talk anyone into Valetudo – everyone should know for themselves how far they want to go." He refers to Why Valetudo? and Why not Valetudo? for information. After reading the articles, the reader felt intrigued and wanted to try it out. So he contacted Sören, who sent him a PCB with components (his project on GitHub), which Marcel soldered together to make the (Dreame) adapter:


Marcel then ordered the Dreame L10S Ultra dust collector (as this is on the list of supported devices) via Amazon. He then set about working through Sören's instructions (rooting and installing Valetudo). Without knowledge of Linux, or without a structured and speedy way of working, it is not possible, or only possible with a lot of practice and concentration!

Rough procedure: Recon > Root > Valetudo installation

Marcel packed all the necessary commands into a text file beforehand and separated them visually. He then went through everything twice as a dry run, as you really only have 180 seconds before the robot becomes electronic waste.

Description of the fastboot rooting method

Reconnaissance steps: Recon

  1. Do not start Dreame L10S Ultra and do not set it up with the app
  2. Note the serial number of the robot (usually under the dust box).
  3. Open cover and plug in PCB, connect USB cable to PCB and notebook
  4. Log in as root on the Debian notebook (bare-metal install, no dual boot!) and start LiveSuit
  5. Download the latest Dustbuilder image from Dennis for the L10S Ultra and load it into LiveSuit
  6. Put the robot into fastboot mode, read out the config ID with the correct commands and save it
  7. Create samples of the original software

Root the device: Root

  1. Have the FEL image firmware created on Dennis' website – the blockchain will report when everything is ready.
  2. Install the root according to the instructions (180 seconds)
  3. In the meantime, interpret the outputs in LiveSuit correctly; stop when the instructions say STOP (so rehearse this beforehand!)
  4. After successful root, the robot restarts

Or, if you were too slow and the robot restarts in the middle of boot1 or boot2 because the 180 seconds are up, "we have an expensive brick". As Marcel wrote: "Don't panic if you break the 180 seconds, like I did the first time. Fortunately, I had finished flashing boot1 and was able to continue with boot2 after consulting Sören and Dennis and preparing a new, shortened command chain."

Installing Valetudo

You then have all the time in the world to install Valetudo, as the robot is already rooted after step 2 and there is no longer a watchdog. Here are the steps:

  1. Download the image belonging to the robot
  2. Download the HTTP bridge matching the Debian version on the notebook
  3. Connect the notebook to the robot's WiFi
  4. Save the calibration and identity data of the original software
  5. Install Valetudo
  6. Restart the robot
  7. Work through the start guide

Future plans about features

Bob, as Marcel calls the modified robot vacuum cleaner, does an excellent job. He can be fine-tuned, writes Marcel – all the functions that Bob's hardware offers and that are customizable can be adapted. But Bob also likes to just work in the very good default setup without having to tinker with his skills.

Marcel wrote: I can contact the vacuum cleaner robot via any device with a browser that is on the same network. Bob can't be reached from outside the network (theoretically you can via dynamic DNS and router shares – but I don't want that for my home network). He can also access the Internet himself and check whether Sören has an update for him. I enable him to do this when I receive an e-mail from Sören about a new Valetudo version. I no longer have any concerns about software obsolescence. I see it as a bit of freedom taken back and I feel safe in the knowledge that I'm not using a spy IoT device.
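One way to check for yourself that a robot on your LAN really no longer talks to a vendor cloud is to look at the connection tracking table on the router and list every non-LAN destination the robot's address has contacted. The script below is an added example, not code from the blog or from the Valetudo project; the conntrack lines, the robot address 192.168.178.42 and the cloud addresses are constructed sample values.

```python
import ipaddress
import re

# Constructed sample in the style of "conntrack -L" output on a Linux router
# (not captured from a real device). 192.168.178.42 plays the robot; the
# 203.0.113.77 flows on 8883 (MQTT over TLS) and 443 stand in for a vendor cloud.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.178.42 dst=192.168.178.20 sport=50123 dport=80 [ASSURED]
udp      17 29 src=192.168.178.42 dst=192.168.178.1 sport=5353 dport=53 [ASSURED]
tcp      6 119 TIME_WAIT src=192.168.178.42 dst=203.0.113.77 sport=41892 dport=8883 [ASSURED]
tcp      6 431999 ESTABLISHED src=192.168.178.42 dst=203.0.113.77 sport=41893 dport=443 [ASSURED]
tcp      6 431999 ESTABLISHED src=192.168.178.30 dst=198.51.100.9 sport=40000 dport=443 [ASSURED]
"""

# RFC 1918 ranges: anything outside these counts as "left the home network".
LAN_NETS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
]

# conntrack prints the original direction first, so the first match is the
# direction the device initiated.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def external_flows(conntrack_text, robot_ip):
    """Return sorted (destination, port) pairs where robot_ip initiated a
    connection to an address outside the LAN ranges. An empty list means the
    robot stayed on the local network during the observed period."""
    robot = ipaddress.ip_address(robot_ip)
    found = set()
    for line in conntrack_text.splitlines():
        match = FLOW_RE.search(line)
        if not match:
            continue
        src, dst, _sport, dport = match.groups()
        if ipaddress.ip_address(src) != robot:
            continue
        dst_ip = ipaddress.ip_address(dst)
        if any(dst_ip in net for net in LAN_NETS):
            continue
        found.add((dst, int(dport)))
    return sorted(found)


if __name__ == "__main__":
    for dst, port in external_flows(SAMPLE_CONNTRACK, "192.168.178.42"):
        print(f"robot contacted {dst}:{port} outside the LAN")
```

On a real router, feed it the output of `conntrack -L` (or your firewall's equivalent) instead of the constructed sample; a freshly set-up Valetudo robot with Internet access disabled should produce no lines at all.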

I would like to take this opportunity to thank Marcel for compiling this information. Perhaps it will inspire other blog readers who have such a device at home or are planning to purchase one.
