This is a valuable lesson for any manufacturer: never awaken the nerd sleeping inside your customer, because his wrath shall be terrible.
In this case the warning was quite literal.
The company annoyed a buyer enough to push him into full-blown nerd mode. He tore the product apart, reverse engineered every part, and then published a step-by-step guide showing exactly how to disable the "kill switch" that prevented the use of the product without the vendor spying on the user.
What started as a minor grievance became a public, technical exposé that left the maker exposed and embarrassed.
Moral of the story: underestimate your users at your own peril.
@masek My wife bought one of these smart vacuums and it didn't even make it out of the box. Nope. Nuh-uh. Had to put my foot down there. And my dog/CSO wasn't wild about it either.
@masek I intentionally bought a somewhat dumb smart vacuum and just live with the annoyance of it wedging itself under furniture occasionally because I have trust issues with a fully GPS powered unit. Good to know that people with much better tech knowledge than I are making a stand and fighting back.
@masek how is this a lesson for the manufacturer? They are not gonna lose a significant amount of buyers from this.
If this story were to make it to mainstream media, they would at max need to rebrand this device another couple of times and that's it.
Stuff like this needs tough consumer-protection laws and enforcement.
@masek why use slop for illustration on a technical article?
Also I'm pretty sure this whole article is also slop.
@masek i have resisted "smart appliances" for many years due to privacy worries and do i need it, i can get up and turn lights and appliances on/off, etc
and i don't like why they have to be connected to the internet all the time
your article shows me i was correct to resist, as there have been a number of cases over the years of manufacturers "bricking" smart devices when they no longer want to support them
your experience takes this one step further with a device being bricked due to no logging
@masek This sort of thing is EXTREMELY dangerous. Data from this sold on the open market can be purchased by ICE, the FB, or local cops and used to pre-plan a raid on a house.
Burglars and organized crime can do the same.
@masek My vacuum is very dumb. I rebuilt a Rainbow D4 I found at thrift from memory. My grandaddy repaired them and I watched him for hours and hours every week as a child. I have a couple of spare D2s in storage as well. For parts and backup. :)
@masek On the unmodified device, if the kill switch requires a remote command to be sent, blocking ALL networking (no open wifi and not giving in the passphrase) should block the command from being received. This won't work if a timeout on communications with the robot's true master is also included.
I would expect most users who block networking to block ALL of it, especially given the long history of updates that are downgrades (such as new DRM antifeatures and lockouts) in commercial devices of all types.
ANY device you cut off from the vendor needs to be cut all the way off including firmware updates. Hard for a 3rd party to exploit an offline device, so should be safe to stay with a "known good snapshot" firmware.
@masek gonna use this post as a chance to give a shout out to Valetudo for anyone reading this who is thinking about a robot vacuum - https://valetudo.cloud/ it frees your robot vacuum from its manufacturer's cloud, and will forever run happily with its internet access disabled.
@masek
Stop buying crap from Nazis.
"the use of the product without the vendor spying on the user."
When we were looking at vacuum robots I said I didn't want anything that needed to connect to WiFi to do its job because I remembered the babymonitors that used WiFi and griefers had "hacked" to terrify toddlers. So we got an Ecovacs Deebot and it'll go around in a frustratingly random way and not "see" things just next to it, but it gets the job done.
https://boingboing.net/2016/01/19/griefer-hacks-baby-monitor-te.html
@masek egh, I thought this could be interesting but the first thing I saw was totally unnecessary slop, nevermind then
@masek Also, don't sue users who explain that your security sucks, fix your security. https://arstechnica.com/tech-policy/2025/10/suing-a-popular-youtuber-who-shimmed-a-130-lock-what-could-possibly-go-wrong/
@masek Excellent blog post! I actually prefer to clean my own house and fix my own shit. I'm not as smart as the engineering in the blog post, but like figuring out how shit works, so probably would have taken me months longer (if not years).
And hell I don't mind, it keeps me off my other smart devices trying to steal my data and control my life.
I don't think there's a corporate entity (or government) I trust anymore.
@masek @javensbukan Amazing isn’t it! We need more people like that. And ideally small businesses that offer the service of “weaning” products of their manufacturers!
@masek
By way of appetiser:
"It was a marvel of cheap engineering, but also a privacy nightmare waiting to happen. ... I discovered something shocking: Android Debug Bridge (ADB) was wide open — no password, no authentication. And it was running a version of Linux.
In seconds, I had full root access. No hacks, no exploits. Just plug and play...
The manufacturer had the power to remotely disable devices and used it against me for blocking their data collection"
@masek power to the user #powertotheuser #righttorepair #humanrightsforhumans #nerds4eva
@frenck another example of why we need more projects like Home Assistant!!!!
@masek Never buy from China... the ccp actively works at stealing every single piece of data it can. And one day, that data will be linked to AI to create chaos in the rest of the world
@masek I really want to give the content a go, but it’s all edited and riddled with that annoying GPT accent that instantly devalues the article in my own subjective experience. Too bad.
@briankrebs @masek My vacuum cleaner is very dumb, but it still works. It was built around 1960, and I inherited it from my grandmother.
An Electrolux, if you want to know.
@masek Now I just wish someone could do this for every car on the market.
It still blows my mind that people let cars get this way...
Well, and TVs and... oh geez. Everything.
@briankrebs My smart home is isolated from the Internet and when I test new devices the "Who do they talk to" is an important part of the evaluation.
But alas, the days have become dark and difficult. Everything wants to talk to the world.
@masek my comment sounds so negative. Thanks for sharing this interesting story. Also good warning for consumers. I just don't believe in companies being "embarrassed".
@f4grx It is an absolute slop fest. Horribly obvious ChatGPT writing including the classic "This isn't X; it's Y" all over the place and a claim that ADB was open... on a Linux based device?
It's a shame too because it's a genuinely interesting situation, but the AI slop writing is horrible to get through and makes the story look much more involved and long than it actually is.
@briankrebs @masek reminder that this exists: https://valetudo.cloud/
When our Roomba dies, I’m going to buy one of the easier models to re-firmware.
@c_merriweather @briankrebs @masek Mine is dumb too. A Hoover PAWS Wind tunnel purchased in 2008.
My parents gave us their off-brand Roomba thingy from 2018ish. No camera, and we can't get it to work right. It just goes back and forth in a weird diamond pattern and won't do anything else. 😆
@tildeMtilde No offense taken... I am aware that I won't teach humanity through my Mastodon account.
@masek @briankrebs I had to revoke my thermostat's permission to access the internet after it wanted my name and address before it would let me connect it to an app. I will adjust it by hand twice a day instead, thanks.
@courtcan @briankrebs @masek I am surprised that someone has not put an RC controller on a "roomba" so it can be operated with a joystick.
Just sittin' there on the La-Z-Boy, feet up, directing the vacuum cleaner around the room.
@c_merriweather @courtcan @briankrebs @masek I believe they intrinsically could be. Stories of people playing frogger with them are teasing at my memory. Yes they put it in a costume. My first one definitely had a remote. I suspect to get it out from under the bed.
@c_merriweather @briankrebs @masek My spouse knows electronics extremely well, and I am going to ask him if he can make this happen for me. It would increase my life satisfaction exponentially! 😄
@masek I wish the article didn't use AI slop for the featured image. Not that it's your fault.