Hacking the IoT: A Journey to the Heart of My Hoover-Bot

An amateur hacker tests the security of her Dyson robotic vacuum cleaner.

Marlene Ronstedt
DangerousTech
Sep 20, 2017

Hoover black magic by Lililashka

Let’s be grateful for a moment that smart vacuum cleaners have started populating households. Swapping over from US military research groups, the little caterpillar-driven robots are now sucking dust instead of exploring minefields. Plus, many of them come with built-in Wi-Fi so you can steer them remotely via your smartphone. Handy, right?

I happen to call such a minion mine. Besides sending it on its daily tour through my apartment, I also decided to take a closer look at its security. Why security? The hoover-bot is smart, making it a typical Internet of Things (or IoT) gadget. In recent years, however, these devices have received bad press and disapproval from security researchers. Critics argue that many of the devices have not been designed with security in mind, making them vulnerable to attacks.

Being an amateur, I wanted to find out how easy it really is to hack an IoT device like my hoover-bot. Robot vacuum cleaners seem to be particularly prone to hacking as art projects, and get transformed into mechanical painters. The make I have, however, is a Dyson. Dyson doesn’t provide API access, meaning there is no technical entrance door to change the robot’s inner workings. But, even if the manufacturer doesn’t encourage it, there are still ways to get in there.

My hacking operation started with intercepting the hoover-bot’s Wi-Fi signals. The idea was that I could perhaps understand the language it uses to communicate with my smartphone, and then send it different commands. To intercept those signals, I used an open source software called Aircrack-ng. The program runs solely on the terminal — that black window you see hackers using in Hollywood movies. In this terminal window I could see my hoover-bot was communicating with my router and smartphone — all of which were identifiable by their individual MAC addresses, numbers they were given at birth back on a Shenzhen factory floor.

From my Aircracking interceptions I found out that the hoover-bot is talking to my phone using an MQTT protocol language. MQTT is a commonly used “machine-to-machine (M2M) ‘Internet of Things’ connectivity protocol”, as it reads on its website. The communications are, however, encrypted, so I could only guess what the hoover-bot and the phone were chatting about. If I were a real hacker I could carry out a so-called man-in-the-middle attack, by creating a situation in which I position myself between the robot and my smartphone. That would force them to have to reconnect to each other — but in the meantime I could sneak in between. Afterwards, their communications would go through me, letting me listen in completely undisturbed.

A remote attack like this is sadly out of my league, so after a couple of unfruitful attempts I decided to try a more analogue approach. Armed with a screwdriver set, I attacked the device and carefully started to disassemble it (after all, I still have practical uses for my robotic cleaner). At the hoover-bot’s heart I found a stack full of circuit boards: this guy had much more technology inside than I ever expected. Suddenly it didn’t seem so surprising that its communications were encrypted: it certainly has the computing power for it.

The interior of my hoover-bot

The hoover-bot is an over-engineered masterpiece. And I’m not saying that to cover up my lack of understanding of its technology. It would take me months, if not years, to reverse engineer the whole robot, to understand all its functions. There had to be an easier way.

Since the hardware proved too complex an attack vector, I took a closer look at the software. The software decides how the hoover-bot’s 360 degree camera can be used, where its caterpillar wheels point, and ensures its sensors detect obstacles.

The software can be downloaded from Dyson’s website. Installing it on the device is easy — all you need is a USB stick. Getting it onto my PC was a different story. Smart vacuum cleaners and laptops are both jewels of computer engineering, yet still different enough for my PC to have no clue what to do with this weird .bin file I’d just downloaded and so seamlessly installed on the hoover-bot.

Opening this mysterious .bin file results in a long list of gibberish — the kind you get when your cat runs across the keyboard or you try and wipe breadcrumbs off it. .bin means binary, so zeros and ones, written to be understood only by machines and nerds. But with the help of some commands in the terminal window, I learned that behind the .bin file is a whole operating system. To decipher the hoover-bot’s soul, I needed to install the .bin file on a virtual machine.

At this point, my adventures in hacking were disrupted. I couldn’t install the .bin file on a virtual machine. It was fully encrypted, and all the meaning I could squeeze out was an anticlimactic “Kukuk”.
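A first check on an opaque firmware download like the .bin described above is a block-by-block entropy profile combined with a scan for known file-format magics: uniformly high entropy with no recognisable headers points to encryption rather than mere compression. This is an added example, not part of the original post or any Dyson tooling; the function names, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# File-format magics (all >= 4 bytes) that show an image is packed rather than encrypted.
SIGNATURES = {b"\x7fELF": "ELF", b"hsqs": "SquashFS",
              b"\x27\x05\x19\x56": "uImage", b"\xfd7zXZ\x00": "xz"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(image: bytes, block: int = 4096) -> list:
    """Entropy of each full block (a short trailing block would read artificially low)."""
    return [shannon_entropy(image[i:i + block])
            for i in range(0, max(len(image) - block + 1, 1), block)]

def triage(image: bytes, block: int = 4096, high: float = 7.9) -> dict:
    """Classify an image by its share of high-entropy blocks and any known magics."""
    profile = entropy_profile(image, block)
    ratio = sum(e >= high for e in profile) / len(profile)
    found = {name: image.find(magic) for magic, name in SIGNATURES.items()
             if magic in image}
    if ratio >= 0.95 and not found:
        verdict = "likely encrypted"
    elif ratio >= 0.5:
        verdict = "compressed or partly encrypted"
    else:
        verdict = "mostly plaintext"
    return {"verdict": verdict, "high_entropy_ratio": ratio, "signatures": found}

# Constructed samples (not Dyson firmware): SHA-256 output stands in for ciphertext,
# and an ELF magic plus text and zero padding stands in for an unencrypted image.
SAMPLE_OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                         for i in range(1024))
SAMPLE_PLAIN = b"\x7fELF" + b"Linux version (constructed sample)\n" * 500 + bytes(8192)

if __name__ == "__main__":
    for label, blob in (("opaque", SAMPLE_OPAQUE), ("plain", SAMPLE_PLAIN)):
        print(label, triage(blob))
```

Entropy alone cannot separate good compression from encryption, which is why the verdict also depends on whether any container or filesystem magic is present.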

As it stands, my quest is over. Still, each night I wait impatiently for that malicious hacker to get into my hoover-bot and drive away with it. If I can’t do it, there’s certainly someone out there who can. But for now the Internet of Things is still safe. Ish.
