Andrew Wong
z5206677 | UNSW Computer Science & Engineering
I make stuff, and occasionally break stuff… mainly the latter

“Smart” Vacuum Cleaners - An Audit Into The Security and Integrity of IoT Systems

With the rising availability of convenient and end-user friendly Internet of Things devices, there is an increasing demand for users to permit these devices to communicate remotely. Consequently, the unknown nature of communication and of what data is communicated raises both privacy and security concerns that may often be overlooked or trivialised in exchange for convenience. This project will involve the audit of an internet-connected robotic vacuum cleaner (Roborock S6) to assess the internal operations and nature of data that is transmitted, and to investigate any potential vulnerabilities that may render the device insecure.

Details

How have manufacturers of IoT / smart home devices addressed the increasing concerns of digital privacy and product security?

Conclusions

We will see, when we finish :)

Acknowledgements

Special thanks to:

  • Me
  • Myself
  • I
  • et al.
  • The people who wrote useful resources on the internet
  • Supervisor - Richard Buckland
  • TODO: All the people whom I’ve based my research from

Pages

Of Interest / Low Initial Interest (binaries listed by path with their MD5 hashes)
2022-06-28
/usr/sbin/ntpdate

ntpdate is a program for retrieving the date and time from NTP servers.

device md5: 006a0967281c9a061362086b638a21a4

    28 Jun 16:28:29 ntpdate[7790]: ntpdate 4.2.6p5@1.2349 Tue Jun 21 08:19:00 UTC 2016 (6)
    28 Jun 16:28:29 ntpdate[7790]: no servers can be used, exiting

base md5: 122890cbbaff8ca98f9664add64492bd
2022-06-28
The device is an armhf Ubuntu 14.04.3 LTS, so we are comparing the hashes of the binaries against the stock binaries to see if there are any modifications:

    find . -type f -executable -exec md5sum {} \;
    find {./bin,./sbin,./usr/bin,./usr/sbin,./opt} -executable -type f -exec md5sum {} \;
2022-06-28
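The comparison step that follows those two find commands, as an added example that is not code from the original post: it takes one md5sum manifest from a stock armhf Ubuntu 14.04.3 root and one from the device, then reports files whose hash differs and files that exist only on the device. The function names, the `example-tool` and `example-daemon` paths and their hashes are assumptions made for illustration; the two ntpdate hashes are the base and device values quoted on this page.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: diff two md5sum manifests.
# Each manifest line is md5sum output: 32 hex chars, 2 separator chars, path.

# usage: compare_manifests BASE_MANIFEST DEVICE_MANIFEST
compare_manifests() {
    LC_ALL=C awk '
        length($0) < 35 { next }            # skip blank or truncated lines
        {
            hash = tolower(substr($0, 1, 32))
            path = substr($0, 35)           # keeps paths containing spaces
            sub(/^\.\//, "/", path)         # find prints ./usr/..., use /usr/...
        }
        FILENAME == ARGV[1] { base[path] = hash; next }
        !(path in base)     { print "DEVICE_ONLY " path; next }  # not in stock image
        base[path] != hash  { print "MODIFIED " path; next }     # differs from stock
                            { same++ }
        END { print "UNCHANGED " (same + 0) }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample manifests. The ntpdate hashes are the "base md5" and
# "device md5" quoted on this page; every other path and hash is made up.
demo() (
    dir=$(mktemp -d)
    cat > "$dir/base.md5" <<'EOF'
122890cbbaff8ca98f9664add64492bd  ./usr/sbin/ntpdate
11111111111111111111111111111111  ./bin/example-tool
EOF
    cat > "$dir/device.md5" <<'EOF'
006a0967281c9a061362086b638a21a4  ./usr/sbin/ntpdate
11111111111111111111111111111111  ./bin/example-tool
22222222222222222222222222222222  ./opt/vendor/example-daemon
EOF
    compare_manifests "$dir/base.md5" "$dir/device.md5"
    rm -rf "$dir"
)

demo
```

A DEVICE_ONLY result is expected for vendor software under ./opt; a MODIFIED result under ./bin, ./sbin or ./usr is the case that needs a closer look, since it may be a different package version rather than a vendor patch.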
Not gonna lie, I don’t know which screws went where anymore… Also attached a UART extension cable, and soldered a power extension cable
2022-06-25