An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
What’s the point? The manufacturer is interested in the map of your apartment and usage statistics. What do you think it’s sending when not in use? Does it have a microphone or something?
Since I haven’t pulled it apart or tried to decrypt the ssl traffic I have no idea whether it has “a microphone or something.” That’s the point.
Keeping it offline some of the time isn’t effective against passive data collection unless you’re willing to take the inconvenient step of factory-resetting it each time you’re about to use it. Anything it collects it can just hold onto until it next gets the chance to upload.