me July 31, 2018 7:10 AM
An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs “/mnt/skyeye/ %s” with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.

turn the vacuum into a “microphone on wheels,”

seems that physical access is not required for this, you only have to bypass NAT.
or maybe csrf and/or dns rebinding will do the job?

Alan July 31, 2018 7:10 AM

why in the world is the vacuum equipped with a microphone

probably: (a) it was supported by the chipset, so only pennies to add; (b) leaves open the possibility of future upgrades (or future models based on same hardware) that respond to voice commands

mrpuck July 31, 2018 7:14 AM

But why in the world is the vacuum equipped with a microphone?

How else could you tell it “You missed a spot”?

CallMeLateForSupper July 31, 2018 7:14 AM

“But why in the world is the vacuum equipped with a microphone?”

Well, when you pot it like that … 🙂
Maybe so its potential uses are consistent with its name: DICK-y.

Weather July 31, 2018 7:29 AM

Bypass Nat, modified HTML of the robot lookup table to search for a different dns,
when did people on this site show knowledge, @me(handle) keep it coming

WeskerTheLurker July 31, 2018 8:06 AM

Why? My guess is:

  1. Its designed (or designed in the future) to respond to voice commands.
  2. It was a “feature” of the SoC or whatever chipset it uses, so the manufacturer just left it there because it’d cost extra time and money to remove it.
  3. Both of the above.

Just goes to show that anything can be hacked, given enough time and effort.

David Rudling July 31, 2018 8:33 AM


“Just goes to show that anything can be hacked, given enough time and effort.”

Time and effort don’t enter into it. All that is required is laziness and stupidity by the designers and manufacturers. Those both seem to be plentiful when it comes to IOT devices.

David Forrest July 31, 2018 8:49 AM

The Roomba vacuums have a Piezo sensor in the brush compartment to detect excessive noise & vibration from things caught in the brushes.

NZ July 31, 2018 10:09 AM

@David Rudling:

I don’t think it’s laziness and stupidity, as these are pretty bright people with enough gumption to get on the leading edge of tech and turn their ideas into something profitable. Instead I think it’s a problem in the culture of those entrepreneurs, in which providing novelty and convenience and things like that is rewarded, while providing security and privacy is yawned at.

jeff July 31, 2018 11:05 AM

All the comments assume it’s either laziness or a feature. Nobody has suggested that the Chinese government requires it for all their IoT products. That was my first assumption.

albert July 31, 2018 11:22 AM


According to the article:
“…Thankfully, the exploits require the attacker to have either already infiltrated the robot’s network or gain physical access to the vacuum,…”

It’s important to emphasize that physical access is -not- required.

Just as physical access is not required for gaining entry into a myriad of other iOT devices.

. .. . .. — ….

PeaceHead July 31, 2018 11:32 AM

I’m not rulijng out that the mic was designed in, and/or built-in, and/or left in for malicious reasons or for black market financial reasons.

Yeah, sure, maybe maybe maybe it was just an oversight mistake or a cost issue, but I doubt it. Please don’t feed their “plausible deniability”. There are no guarantees.

Instead of wasting breath on “why is it there?” or “because because because because because of the wondserful things he does”, we ought to be talking about how to disable and prevent and mitigate these phenomenons.

Thanks for this insightful and informative articleset. I very much appreciate it.
If we continue to build an entire civilization upon the mere flow of electrons we will become increasingly vulnerable to these “sparks” of “genius” (these are NOT sparks of genius!).

We really ought to be going solar steampunk by now.
Scientists and Sanity-Protectors and Peaceful Survivalists Unite!

And the honorable Edward Snowden needs to be exhonorated along with the honorable Julian Assange. There’s too much work to do. They aren’t NAZI’s, and even NAZI’s got a get out of jail free card with Operation PAPERCLIP.

And if you can’t believe all this misinformation warfare going on, remember to look up Operation Northwoods.

MPPoE (May Peace Prevail on Earth)

Put more peacepoles underwater; the submarines need ’em.

vas pup July 31, 2018 12:02 PM

@PeaceHead: “we ought to be talking about how to disable and prevent and mitigate these phenomenons”. I agree. Moreover, more than once on this respected blog I suggested that we should have for ALL IoT devices kind of privacy grade assigned by independent government or not (but for sure not for profit) organization kind of UL for privacy. Then, each IoT device could be tested by such organization for all those privacy vulnerabilities (disclosed or hidden by manufacturer) including remote unauthorized access, cameras, microphones, other spying capabilities (e.g.cable box of Xfinity in particular)and assign label of privacy
(I suggested 1984 in triangle crossed like traffic sign with particular color depending on level of privacy protection), but for now we still don’t have such thing. Maybe Amazon which distributed a lot of electronics (IoTs) having huge financial resources and not too much charitable activity could make a shot.

Tatütata July 31, 2018 12:12 PM

But why in the world is the vacuum equipped with a microphone?

You’re right, feline control would be much more effective with a posture detector using inclination or weight sensors, a sort of Segway for cats.

Three patent families filed by iRobot, the manufacturer of “Roomba”, mention the word “microphone” in their abstract.

US2010076600, filed circa 2007, and titled “Mobile robot for telecommunication”, does not mention at all vacuuming or cleaning. It seems to be concerned with remote controlling a surveillance robot from a device located off-premises, i.e., you could send a snitch into your children’s playroom while you sit at work. More specifically, it apparently deals with network related aspects, e.g., NAT punchthrough.

[0060] The RC unit 560 may include a privacy button 561 for initiating a privacy mode of the mobile robot 100, and also may include an audio mute button 562 and a video mute button 563 for disabling audio or video telecommunication, respectively. When the mobile robot 100 receives a local control signal 968 indicating that the privacy button 561 has been operated, the mobile robot initiates the privacy mode by causing the robot camera 196 to move into a conspicuously disabled orientation, for example, and also by disabling the robot microphone 191 (see, for example, FIGS. 17 and 18). In one example implementation, the mobile robot 100 may also disable the speaker 197 when the privacy button 561 is operated. In another example implementation, the mobile robot 100 may not disable the robot microphone 191, but instead prevent any data generated by the robot microphone 191 from being transmitted to the remote terminal 430. The mobile robot may include a second robot camera for example. In accordance with at least one example implementation, as illustrated in FIGS. 17 and 18, the mobile robot may include a wide angle camera 196 for viewing a wide field around the mobile robot, and a narrow angle (or infrared) camera 198 for viewing a focused area around the mobile robot. The user may toggle the view between the wide angle camera 196 and the narrow angle camera 198, for example; or, the user interface may display data from both the wide and narrow angle cameras, as one alternative example.


jeff July 31, 2018 12:32 PM

Remeber that iRobot, in its early days, built rescue robots for the government. Some were used for reactor disasters. So the Roombas may have microphones or they might not. Don’t know — and can’t tell from the patents.

Bong-Smoking Primitive Monkey-Brained Spook July 31, 2018 2:44 PM

The attack requires physical access to the device, so in the scheme of things it’s not a big deal.

Evil maid is married to a vaccum service man. You know, there is such a thing as “Evil Vaccum Cleaner Service-Man Attack. LEAs are scrapping the barrels, they say. Some of them moonlight as vaccum cleaner service crew.

But why in the world is the vacuum equipped with a microphone?

  1. To save power by reducing noise through an audio feedback control loop
  2. To make sure nosie is down when someone needs to listen in on an interesting conversation!
  3. To snoop on private conversations, encrypt them and send them to the Mother Garbage Truck/Dumpster
  4. Wait until they integrate a camera, Biometric authentication, MFA and … a synthetic nose!
  5. To do Audio Spectrum Analysis on the trash collected from carpets and “Recycle” output at said dumpster!

If you have no garbage to hide… you have no reason to fear an IoT Vouyer Vaccum 😉

Go’nna Roombl tonite July 31, 2018 2:58 PM

My microphone is ultrasonic, for communicating (gossiping) with the other IoT in the house while cleaning. I add them to my Twitter feed which I submit by hacking the homeowner’s Bluetooth. But lately I’m a bit worried about my metadata. On the internet, can they know you’re a vacuum ?

Security Sam July 31, 2018 6:14 PM

The Diqee robotic vacuum cleaner
Is without any question or doubt
A clever all purpose high tech tool
To collect the dirt inside and out.

justinacolmena July 31, 2018 10:35 PM

But why in the world is the vacuum equipped with a microphone?

Perhaps it was thought at one point in the design cycle that it should obey voice commands.

Aside from that, the 1970s-style wall-to-wall carpet with its foam padding and glued-sawdust underlayment is junk.

It has to be vacuumed often; a plain old broom does not do the job, and moreover it cannot me mopped; it has to be “shampooed” with a special steam cleaner machine which soaks the padding and underlayment through with moisture, which then molds and allows dry rot to set in as the carpet on top of it dries.

There are fine finished wood floors, linoleum, vinyl, and other surfaces of any reasonable price range that are much easier to clean, and support rugs which in the old days could be taken outside and beaten or shampooed or simply replaced if worn out rather than raising all that dust and noise in the house with a vacuum cleaner or soaking the flooring underneath with moisture or pet urine.

And then they build houses with central vacuum systems that collect dirt and rubble in the pipes which cannot possibly be removed without tearing out the walls. Row after row of such houses.

Throw that electronic junk out along with the dirty carpet it is supposed to clean. None of it makes life easier or for that matter any less work for a homemaker.

echo August 1, 2018 12:52 AM

The Roomba vacuums have a Piezo sensor in the brush compartment to detect excessive noise & vibration from things caught in the brushes.


Perhaps it was thought at one point in the design cycle that it should obey voice commands.

I’m a bit clumsy so would have expected prospective future husbands to scream loadly as their toes were ripped off causing the vacuum cleaner to stall and a hear a good “thwack, thwack” as their toes rattled around the dirt box. I would expect technology in this instance after the event to be comically redundant.

David Rudling August 1, 2018 3:14 AM


Thank you for pointing out that the underlying problem is a culture where “…providing security and privacy is yawned at.”

That put me in mind of the situation in the automobile industry where safety was yawned at before product liability was properly enforced.

Under the current political leadership attitude to China perhaps the increasingly politicized Supreme Court will feel motivated to impose severe security and privacy product liability for these (mainly Chinese) IOT devices.

In light of this I realize I was too polite earlier about the source of the problem and should of course have said “All that is required is CRIMINALLY NEGLIGENT laziness and stupidity by the designers and manufacturers.”

Clive Robinson August 1, 2018 8:02 AM

@ Alejandro,

All for $284 you not only get a vacuum cleaner, it also does night surveillance with it’s video camera, has a wifi app and also does call videos.

Tell me how much does HR pay that non english speaking person that cleans your office in the very early hours of the morning?

I’ve seen their higher paid brethren taking smoke breaks, mobile breaks, and quite a few other breaks it’s best not to talk about (just luma light your desk some day for biologicals 😉

But I guess getting more than you paid for or wanted could be of concern “If you have something to hide?” after all that’s what they keep saying “If you’ve nothing to hide…”.

Oh and be nice to your cleaning staff if you ever meet them, remember like chefs that spit in soup there is a whole host of things they can do to make your life oh so interesting in whays you would not want. When I was a student I had a cleaning job and got taught all sorts of things you would be surprised at…

Clive Robinson August 1, 2018 8:09 AM

@ Bong-Smoking Primitive Monkey-Brained Spook,

Nice to see you come up for air from time to time 🙂

Some of them moonlight as vaccum cleaner service crew.

Is this a subtle code that relates back to the poor space security post?

But ask yourself a question, along the lines of “what would the children be like” of such an unholy aliance and who would be dominant, that is would he suck up to her? or would she… (better not say I don’t need another yellow card 😉

PeaceHead August 1, 2018 11:29 AM

@”vegus nerve pup” and “oxygenated spoonful”:

Thanks for thoughtful posts here. I comprehend what you have stated.
We need more R2D2s and fewer Daleks.
Hopefully Counter-Terrorism* (those who fight AGAINST terrorism) has and gets what they need to be successful whether it’s a coy vacuum or a bombsquad or humanitarian aid robot.

This is not all about snoopy and woodstock. We need banjos.

*=I met a foreigner while watching a TV show about counter-terrorism, and because that person didn’t comprehend North American English very well, they thought that counter-terrorism was another form of terrorism. They didn’t know yet what “counter-” meant as a prefix. I had to explain to them what it meant. They would’ve assumed that the documentary was about international terrorists from the USA working for the FBI and Homeland S., etc (which is NOT what it was about nor what they do!). So I take efforts to explain the otherwise obvious now.

There are no enemies, only misunderstandings.
How many of our own organizations actually ARE committing crimes behind our backs in our names? (A: any quantity greater than zero is too many!)

Bong-Smoking Primitive Monkey-Brained Spook August 1, 2018 1:56 PM

@Clive Robinson,

It sure is nice to breath some fresh air. The garment is depriving the brain of oxygen.

better not say I don’t need another yellow card

“Eyes a thinking you needs to get down on dat […]” 😉

Maxwell's Daemon August 2, 2018 2:42 AM

Given that the specifications (demands) are usually set by marketing and/or managlement, I’m surprised they didn’t try to shoehorn even more “features” while they were at it. Any engineer pretty much has a whole host of horror stories.

Daniel Rutter August 3, 2018 3:04 AM

I had an original-model Roomba, and THAT had a sound sensor that I think is just a microphone.

It’s internal, and its purpose is to listen to the sound of dirt being sucked up. If the sound gets louder, the Roomba assumes this area must be unusually dirty, and continues to clean just that area until the extra noise stops.

(Or, I presume, until some length of time expires, so your Roomba won’t get stuck in one area because you’re listening to loud music.)

Jeff August 3, 2018 11:48 AM

The microphone is used to detect when the small, internal trash bin is getting full. Makes perfect sense. Not nefarious.

Anonymous November 24, 2022 10:05 PM

I would personally recommend you to read this review on Gearbrain about yeedi robot vacuum. I think it is the most appropriate for me as it has a lot of useful features.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.