Although Internet-connected devices are very useful at home, and it’s cool to be able to monitor your dishwasher from half a world away, it’s important to pay attention to privacy and safety issues. For example, the Cecotec Conga 1490 robot vacuum cleaner that [Rastersoft] purchased comes with an Android application that requires almost complete access to the user’s mobile phone during installation. Not satisfied with this invasion of privacy, let alone the potential security risks, [Rastersoft] started reverse engineering the robot’s communications (translated) to understand what it was doing when online. To do this, he configured a Raspberry Pi as an access point, connected the vacuum to it, and recorded all the data flowing through it.
It turns out that the robot phoned home to its manufacturer and reported its serial number and some configuration settings. The server then passes control to the mobile application, but all subsequent commands are still routed through the remote server. Not only is this creepy, it also means that if the manufacturer were to shut down the server, the application would stop working altogether. [Rastersoft] therefore had the idea of writing custom software to control the robot. He first reconfigured the Pi’s network settings to make the vacuum believe it was connecting to the manufacturer’s server, and then wrote some Python code to simulate the server’s responses. He could now control all the data flowing back and forth.
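As an added illustration of the capture-and-redirect setup described above (not [Rastersoft]’s code), the following sketch lists which hostnames one device on the Pi’s access point resolves and renders the DNS overrides that would answer them locally. It assumes the Pi runs dnsmasq with query logging enabled; the log lines, IP addresses and hostnames are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of dnsmasq query logging on the Pi access point.
# Addresses and hostnames are placeholders, not values from the article.
SAMPLE_LOG = """\
Jan 10 18:02:11 dnsmasq[412]: query[A] cloud.vendor.example from 192.168.4.23
Jan 10 18:02:11 dnsmasq[412]: forwarded cloud.vendor.example to 9.9.9.9
Jan 10 18:02:11 dnsmasq[412]: reply cloud.vendor.example is 203.0.113.50
Jan 10 18:02:40 dnsmasq[412]: query[A] ntp.vendor.example from 192.168.4.23
Jan 10 18:03:02 dnsmasq[412]: query[AAAA] cloud.vendor.example from 192.168.4.23
Jan 10 18:03:05 dnsmasq[412]: query[A] updates.phone.example from 192.168.4.7
Jan 10 18:04:11 dnsmasq[412]: query[A] cloud.vendor.example from 192.168.4.23
"""

# Only "query[...]" lines name the client; forwarded/reply lines are skipped.
QUERY_RE = re.compile(r"query\[[A-Z]+\] (?P<name>\S+) from (?P<client>\S+)$")


def hosts_contacted(log_text, device_ip):
    """Count the DNS names queried by one client of the access point."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and m.group("client") == device_ip:
            counts[m.group("name").lower().rstrip(".")] += 1
    return counts


def local_overrides(counts, local_ip):
    """Render dnsmasq address= lines that answer those names with local_ip.

    Note that address=/name/ip also matches subdomains of name.
    """
    return [f"address=/{name}/{local_ip}" for name in sorted(counts)]


if __name__ == "__main__":
    seen = hosts_contacted(SAMPLE_LOG, "192.168.4.23")  # assumed vacuum IP
    for name, n in seen.most_common():
        print(f"{n:3d}  {name}")
    print("\n".join(local_overrides(seen, "192.168.4.1")))  # assumed Pi IP
```

The same per-device summary is a quick way to audit what any appliance on your own network talks to before deciding whether to trust it.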
After a lot of experiments and data analysis, [Rastersoft] managed to decipher the commands sent by the application, allowing him to write a complete replacement application, which can be seen in the video after the break. It includes all the standard actions for controlling the vacuum cleaner as well as a new function for manually controlling its movement. All the code is available on GitHub for those who also want to hack their own Conga.
We think this is a good example of software hacking to future-proof devices you own, and it also mitigates many of the dangers that default software poses to your security and privacy. The fact that the commands you send from your mobile phone to the vacuum cleaner travel all over the world, and may be stored and read by others, is quite absurd in the first place. After all, we have already seen how a robot vacuum can monitor you.