A vacuum cleaning robot can manipulate a lidar sensor and turn it into a tapping device

Collision avoidance robots, capturing different sound input may be of stuff and based on laser technologies.


Although sensitive drawback one hagien risks ample preview of Internet of Things equipment in an environment variable.

Friday, 20 November 2020, 09:15 GMT

Analysis has shown that it can be used as a device to tap a vacuum cleaner robot with artificial intelligence. The key content is that you can spy on the equipment owner and the people around if you attack machines that automatically move around a specified area and suck in dust through the built-in smart sensor. This attack’s name is called LidarPhone.

Automated robots for vacuum cleaning are also fitted with sensors called lidars. Lida is a technique that uses laser beams to conduct radar functions of some kind. Without colliding with lidar sensors, robots can maneuver between objects.

The first thing that is lucky about the Rider Phone attack is that it is very difficult to set up the attack process. Before beginning a rider phone strike, attackers must already have possession of the equipment. You must also be tied to the same network as the survivor. There are not a few threats that first need to be carried out.

The theory of the Lidaphone attack is explained by researchers at the University of Maryland, College Park and the National University of Singapore as follows. “We can capture and process speech data around us to retrieve information by modifying the lidar sensor and making it accept acoustic signals rather than artifacts. As described earlier, of course, running the lidar sensor is not an easy process.

Via the study, the researchers explained, “If the LiDAR is operated, it is possible to acquire and analyze the measured value of the LiDAR sensor by accessing the robot from a remote location.” They have succeeded in stealing credit card information or confidential information by tests that could be used in further extortion attacks.

A device named Xiaomi Roborock was the machinery used in the experiment. Next the ARM Cortex-M based firmware was reverse engineered. Then by exploiting a flaw in Dustcloud software, which is being used as an endpoint server or proxy, the Robolock system gained root access.

“Robolock is almost always linked to the ecosystem of the Xiaomi Cloud. Standard data sharing and analysis were only possible because participants were able to capture and correctly distinguish in one experiment against the sounds of rugs being scratched or walked on, sounds made near garbage cans, intro music from multiple news sources, and commercial music. And the gender of the voice speaker may be balanced with high precision, it is said.


Relations are created. You will bypass the connection protocol if you are wired to the same local network as the robot. From there by running the sensor, it was possible to capture different sounds. For 19 hours, we have been able to record and store audio, such as TV sounds that are playing nearby.” This is what appears in the report.”

There are many pitfalls, too. The accuracy of the attack significantly decreases as the ambient noise approaches a certain level, and the distance from the sound source also lowers the reliability of the attack. It has been shown that even lighting conditions affect the attack. It indicates that the climate variable is adaptive to it. If the vacuum cleaner is fitted with a hardware lock, the laser may be set such that it is not emitted at a certain angle of rotation and if so, the chance of attack is substantially minimized.
However the ramifications of this analysis are not insignificant. This is because it has been proven, once again that IoT and automation devices will still be an assault channel.

It is important to note that as long as the intent is obvious, everyone may overhear the IoT equipment owner’s conversation. This experiment was limited to the cleaning of robots fitted with LiDAR technology, but I believe it will work with all optical sensor equipment. This suggests that the attack channels can be varied. For now, it would be beneficial for customers to search for appliances for their own control with several choices. That way in the future, you can uninstall those functions.