Clean Forensics: Analyzing network traffic of vacuum bots
2022-06-18, 15:00–15:45, Track 1 (UC Conference Rm A)

Have you ever wondered how vacuum bots work under the hood, or how safe your home's floor plan is once one of these bots has scanned it? This talk walks through a step-by-step procedure for performing network forensics on vacuum bots from the comfort of your own home. The audience walks away not only with an awareness of the security and privacy issues of vacuum bots but also with a method for researching them on their own.


Outline
- Introduction
  - Who Am I?
  - Why research vacuum bots?
    - Key points that highlight pervasiveness (metrics including industry size, trends, key players)
- Intro to vacuum bots
  - Typical features of a bot
    - Specific commands (Left, Right, Forward, Reverse)
    - Cleaning modes (auto, spot, edges)
    - Cleaning schedules
    - Maps (single and multi-floor) and accessory health monitoring (e.g. brushes)
  - Steps in setting up a bot
    - Installing the vendor's app on your phone and registering an account
    - Connecting the bot to the local Wi-Fi
    - Linking the bot to your account in the app
- Conducting network forensics
  - Setting up a home network (hardware and software required)
  - Examining bot communication protocols
    - XMPP, with an example of bot <-> vendor cloud server communication
    - MQTT, with an example of bot <-> vendor cloud server communication
  - Examining bot authentication protocols
    - SASL over XMPP
    - Secure MQTT
- Security and Privacy Concerns
  - Remote controlling/hijacking
    - Discuss the potential ways this can happen:
      - Using MITM on the local network
      - Breach of credentials used in the app
  - Privacy of home floor plans
    - Discuss how plans are created, stored and updated
  - Security and privacy of audio and video recordings
    - Discuss how these are stored
    - Show an example of a network capture that contains the feed
  - Reported issues (for a set of bots)
    - Plaintext password transmission in XMPP to the vendor's cloud server
    - Manipulating cleaning schedules
      - Discuss how some bots retrieve their current time and how this can be abused
- Conclusion
  - Recap of research contributions
  - Key takeaways for the audience
- Q&A
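Two items in the outline above are where credentials can surface in a bot's traffic to the vendor cloud: the SASL exchange that authenticates an XMPP stream, and the CONNECT packet that opens an MQTT session. The following is an added example, not material from the talk or from any vendor: a small Python script that, given TCP payloads already reassembled from a capture (for instance saved as raw bytes from Wireshark's "Follow TCP Stream"), checks whether either protocol carried credentials in the clear. It decodes the SASL PLAIN <auth> element as defined in RFC 4616 and parses an MQTT 3.1.1 CONNECT packet as defined in the OASIS specification, then runs both checks over constructed sample payloads. Every client ID, username and password in it is made up for the example. The checks only mean something for streams that were not protected by TLS (XMPP on port 5222 without STARTTLS, MQTT on 1883 rather than 8883); on a TLS stream there is nothing here to decode, which is the behaviour a vendor should be producing.

```python
"""Check reassembled TCP payloads from a vacuum bot for credentials sent in the clear.

Constructed example: the sample payloads at the bottom are made up, not taken from
any real bot. The script does not read pcap files; feed it payloads you have
already reassembled (e.g. Wireshark "Follow TCP Stream" saved as raw bytes).
"""
import base64
import binascii
import re
import struct

# XMPP SASL: <auth mechanism='PLAIN'>base64([authzid] NUL authcid NUL passwd)</auth> (RFC 4616)
SASL_AUTH_RE = re.compile(rb"<auth[^>]*mechanism=['\"]([A-Z0-9-]+)['\"][^>]*>([^<]*)</auth>")

def xmpp_plaintext_credentials(payload):
    """Return (authcid, password) if the stream carries a SASL PLAIN <auth>, else None."""
    m = SASL_AUTH_RE.search(payload)
    if m is None or m.group(1) != b"PLAIN":
        return None  # no SASL auth visible, or SCRAM/DIGEST-MD5, which never carry the password itself
    try:
        parts = base64.b64decode(m.group(2).strip(), validate=True).split(b"\x00")
    except binascii.Error:
        return None
    if len(parts) != 3:
        return None
    _authzid, authcid, passwd = parts
    return authcid.decode(errors="replace"), passwd.decode(errors="replace")

def _remaining_length(buf, i):
    """Decode the MQTT variable-length 'remaining length' at buf[i]; return (value, next_index)."""
    value, mult = 0, 1
    for _ in range(4):  # at most four bytes by specification
        b = buf[i]
        i += 1
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, i
        mult *= 128
    raise ValueError("malformed remaining length")

def _mqtt_string(buf, i):
    """Read a uint16-length-prefixed MQTT string at buf[i]; return (bytes, next_index)."""
    (n,) = struct.unpack_from(">H", buf, i)
    i += 2
    if i + n > len(buf):
        raise ValueError("truncated string")
    return buf[i:i + n], i + n

def mqtt_connect_credentials(payload):
    """Parse an MQTT 3.1.1 CONNECT packet; return {client_id, username, password} or None."""
    try:
        if not payload or payload[0] >> 4 != 1:  # control packet type 1 = CONNECT
            return None
        _remaining, i = _remaining_length(payload, 1)
        proto, i = _mqtt_string(payload, i)
        level, flags = payload[i], payload[i + 1]
        i += 4  # protocol level, connect flags, 2-byte keep-alive
        if proto != b"MQTT" or level != 4:
            return None
        client_id, i = _mqtt_string(payload, i)
        if flags & 0x04:  # Will Flag set: skip Will Topic and Will Message
            _, i = _mqtt_string(payload, i)
            _, i = _mqtt_string(payload, i)
        username = password = None
        if flags & 0x80:  # User Name Flag
            username, i = _mqtt_string(payload, i)
        if flags & 0x40:  # Password Flag
            password, i = _mqtt_string(payload, i)
    except (IndexError, ValueError, struct.error):
        return None  # not a well-formed CONNECT: nothing to report
    if username is None:
        return None  # anonymous CONNECT carries no credential
    return {"client_id": client_id.decode(errors="replace"),
            "username": username.decode(errors="replace"),
            "password": None if password is None else password.decode(errors="replace")}

def _encode_string(s):
    return struct.pack(">H", len(s)) + s

def build_mqtt_connect(client_id, username, password, keep_alive=60):
    """Build a minimal MQTT 3.1.1 CONNECT with username/password (only used to construct the sample)."""
    flags = 0x80 | 0x40 | 0x02  # User Name Flag, Password Flag, Clean Session
    body = (_encode_string(b"MQTT") + bytes([4, flags]) + struct.pack(">H", keep_alive)
            + _encode_string(client_id) + _encode_string(username) + _encode_string(password))
    length, n = bytearray(), len(body)
    while True:  # variable-length encoding of the remaining length
        n, digit = divmod(n, 128)
        length.append(digit | 0x80 if n else digit)
        if not n:
            break
    return bytes([0x10]) + bytes(length) + body

def find_cleartext_credentials(streams):
    """Run both checks over (label, payload) pairs; return one tuple per credential found."""
    findings = []
    for label, data in streams:
        xmpp = xmpp_plaintext_credentials(data)
        if xmpp is not None:
            findings.append((label, "xmpp-sasl-plain", xmpp[0], xmpp[1]))
        mqtt = mqtt_connect_credentials(data)
        if mqtt is not None:
            findings.append((label, "mqtt-connect", mqtt["username"], mqtt["password"]))
    return findings

# Constructed sample payloads: hostnames, IDs and the password are invented for this example.
SAMPLE_XMPP = (b"<stream:stream to='cloud.example.invalid' xmlns='jabber:client' "
               b"xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"
               b"<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>"
               + base64.b64encode(b"\x00bot-0001\x00hunter2") + b"</auth>")
SAMPLE_XMPP_SCRAM = (b"<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='SCRAM-SHA-1'>"
                     b"biwsbj1ib3QtMDAwMSxyPWFiYw==</auth>")  # client-first message; not decodable to a password
SAMPLE_MQTT = build_mqtt_connect(b"vacuum-0001", b"bot-0001", b"hunter2")
SAMPLE_STREAMS = [("tcp/5222 bot->cloud", SAMPLE_XMPP),
                  ("tcp/5222 scram", SAMPLE_XMPP_SCRAM),
                  ("tcp/1883 bot->cloud", SAMPLE_MQTT)]

if __name__ == "__main__":
    for label, proto, user, pw in find_cleartext_credentials(SAMPLE_STREAMS):
        print(f"{label}: {proto} username={user!r} password={pw!r}")
```

The mechanism check matters: a SASL exchange that is visible on the wire is only a credential leak when the mechanism is PLAIN; SCRAM or DIGEST-MD5 expose a challenge-response, not the password, so the script reports those streams as clean. For MQTT the analogous distinction is between the wire format (1883) and MQTT over TLS (8883): a CONNECT you can parse at all is already the finding.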

Karan Dwivedi is a security manager at Google. He has over six years of experience specializing in digital forensics and incident response. Prior to Google, he was part of the incident response team at Yahoo, where he gained experience in responding to the world's largest breach. He serves as a program committee member of the DFRWS conference and the DFIR Reviews publication. He graduated from Carnegie Mellon University with a Master's in Information Security in 2016. He owns the blog allthingspwned.com, where he provides interviewing advice for security engineers. His articles are provided as a reference by Google's hiring team.