A robot vacuum can be “hacked”, but not in the way you might think.
After looking into the couple of reports of robot vacuums being hacked and the many news articles about them, I saw a common misunderstanding.
They weren’t hacked; people were using bad passwords.
Those passwords were in previous security breaches, and because people like to reuse passwords, they got “hacked”. It’s not really hacking, but the word gets more attention for the news, and thus here we are.
Keep From Getting Hacked – Do This
Keeping your robot vacuum from being hacked is quite simple…
Use a password you never used anywhere else for your account.
I wouldn’t stop there: you should give every account a unique password, especially important ones like your email and banking. To make this easy for you, I suggest getting a password manager or a password book.
Most of the hacking you’re going to experience in life will be simply because you used a bad or reused password that was leaked from other breaches. The attack that is performed is called credential stuffing, and it’s the most common way people get “hacked”.
To see how bad it really is and how many breaches you’re in, check out HaveIBeenPwned. You can enter your email, and it will tell you all the known breaches you’re in.
If you’re worried about this site, then check out Troy Hunt, who runs it, and why he’s kind of a big deal.
Use 2FA Where You Can
Having a random password for every website is a good start, but if you want to take it up a notch, you should also be using 2FA where you can.
2FA stands for two-factor authentication, also sometimes called two-step authentication.
You may be familiar with 2FA, as some websites will send you a text message or an email when logging in and have you click a link or enter a code. Forcing 2FA is how Ring fixed their “hacks”, and it worked for them.
The bad news is that most robot vacuums don’t support any kind of 2FA.
So having a good and random password is the most important thing you can do now. Most email providers do support 2FA, so at least have 2FA on your email account because whoever controls the email account controls password resets.
There are a few more things you can do to make your robot vacuum more secure that we’ll talk about next.
Use Fake Info
Something extra you can do to make your Roomba more “hack proof” is to use fake information.
When you create your account, don’t use your real name and use a forwarding email address.
If you have a Gmail account, you can use the plus addressing option to get a unique email address.
An even better option is to use a forwarding service like SimpleLogin, which gives you an entirely unique email address that will forward to your email address.
As stated before, most of the "hacking" is because people reuse passwords that end up getting leaked. They also use the same email address for most things. Doing this makes credential stuffing attacks very easy, and that is how people get "hacked". If you're using a unique email address and password for your robot vacuum, getting hacked is vastly harder, especially when there are easier targets to go after.
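To see what that reuse means in practice, the added example below (not part of the original article) audits a password-manager export and lists, for each service, which other accounts the same leaked email and password pair would open. The `VAULT` entries and both function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of a password-manager export; every value is made up.
VAULT = [
    {"service": "robot-vacuum", "login": "sam@example.com", "password": "Summer2019!"},
    {"service": "old-forum", "login": "sam@example.com", "password": "Summer2019!"},
    {"service": "streaming", "login": "sam@example.com", "password": "Summer2019!"},
    {"service": "shop", "login": "sam+shop@example.com", "password": "Summer2019!"},
    {"service": "email", "login": "sam@example.com", "password": "vR4!qLm82#xTz0pW"},
    {"service": "bank", "login": "sam+bank@example.com", "password": "Hq7$nB3^uYe9&cKd"},
]

def stuffing_exposure(vault):
    """Map each service to the other accounts its leaked login/password pair opens as-is."""
    by_pair = defaultdict(set)
    for entry in vault:
        by_pair[(entry["login"].lower(), entry["password"])].add(entry["service"])
    return {
        entry["service"]: sorted(
            by_pair[(entry["login"].lower(), entry["password"])] - {entry["service"]}
        )
        for entry in vault
    }

def reused_passwords(vault):
    """Return groups of services that share a password, whatever login they use."""
    by_password = defaultdict(set)
    for entry in vault:
        by_password[entry["password"]].add(entry["service"])
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)

if __name__ == "__main__":
    for service, others in stuffing_exposure(VAULT).items():
        print(f"breach of {service:13} also opens: {', '.join(others) or 'nothing'}")
    print("password reuse groups:", reused_passwords(VAULT))
```

The "shop" account shows up only in the reuse groups: its unique alias keeps the leaked pair from matching, but the password itself is still shared and should be changed.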
Make Sure You Keep Your Robot Vacuum Up To Date!
Another way to keep your robot vacuum from being hacked besides having a good password is to keep it up to date.
Every so often, check your robot vacuum’s app to see whether there is an update for it. If there is an update, please install it as soon as possible. There is only so much you can do with passwords and 2FA if there is a bug in the code, so keeping your robot vacuum up to date is very important.
Don’t Connect The Robot Vacuum To The Wi-Fi
If this is all a bit too much, you could always not connect your robot vacuum to the Wi-Fi.
When you need to clean, you just press the clean button and let it work. No internet or phone required!
Don’t Stress Too Much
Life is not like the movies.
Hacking your robot vacuum doesn’t offer much to hackers, and using unique and random passwords for your accounts makes most hacking you see these days near impossible.
So don’t stress about it too much!
Your Netflix account has more value to a hacker than your robot vacuum, as that account can be resold. Your robot vacuum account is useless without physical access to the robot vacuum.
Mapping Your Home – Safe?
What is interesting to me about this whole debate is that people are worried their robot vacuum is mapping the inside of their home.
It’s a valid concern, but let’s take a step back.
Most counties and records offices have blueprints of your home, which many people can already access.
If you ever sold or bought a home, there are often pictures of the inside of your home used for the selling and buying process. These listings don’t always go away; Zillow and many others like them keep these up for anyone to see. Even if you delete them from Zillow, there are archival sites saving snapshots of those webpages.
Not only that, the architect who built your home sells the floor plans online with images of what it looks like, often showing the layout for free.
About the only thing that won’t be known is the current furniture layout, but knowing where the walls and doors are located is far more valuable.
I mean, it’s not difficult to predict you’ll have a sofa in your living room and a table in your dining room.
The robot vacuum knowing your home layout seems a bit overblown when this information is already everywhere. I guess most people don’t realize it, as most also don’t realize that reusing passwords is bad.