Vacuum Cleaning Security-Pinky and the Brain Edition

Presented at DEF CON 27 (2019), Aug. 10, 2019, 4 p.m. (20 minutes).

Data collected by vacuum cleaning robot sensors is highly privacy-sensitive, as it includes details and metadata about consumers' habits, how they live, when they work or invite friends, and more. Connected vacuum robots are not as low-budget as other IoT devices and vendors indeed invest into their security. This makes vacuum cleaning robot ecosystems interesting for further analysis to understand their security mechanisms and derive takeaways. In this talk we discuss the security of the well-protected Neato and Vorwerk ecosystems. Their robots run the proprietary QNX operating system, are locally protected with secure boot, and use various mechanisms that ensure authentication and encryption in the cloud communication. Nonetheless, we were able to bypass substantial security components and even gain unauthenticated privileged remote execution on arbitrary robots. We present how we dissected ecosystem components including a selection of vacuum robot firmwares and their cloud interactions.

Presenters:

  • Jiska Classen - TU Darmstadt, Secure Mobile Networking Lab   as jiska
    Jiska has a M.Sc. in IT-Security. She is a PhD student at the Secure Mobile Networking Lab (TU Darmstadt) since May 2014. Her main research interest are wireless physical layer security and reverse engineering. You might also know her embroidery projects or game shows from past CCC events. Twitter: @seemoolab
  • Fabian Ullrich / clou as clou (Fabian Ullrich)
    Fabian has a M.Sc. in IT-Security. He is working as a researcher and analyst at ERNW. His main research interests are full stack IoT and web application security. In his free time, Fabian likes to capture some flags.

Links:

Similar Presentations: