Outline
- Introduction
- Who Am I?
- Why research vacuum bots?
- Key points that highlight pervasiveness (metrics including industry size, trends, key players)
- Intro to vacuum bots
- Typical features of a bot
- Specific commands (Left, Right, Forward, Reverse)
- Cleaning modes (auto, spot, edges)
- Cleaning schedules
- Maps (single and multi floor) and accessory health monitoring (e.g. brushes)
- Steps in setting up a bot
- Installing and registering an account on the vendor’s app on your phone
- Connecting bot to local wifi
- Linking bot to your account on the phone
- Conducting network forensics
- Setting up a home network (hardware and software required)
- Examining bot communication protocols
- XMPP and an example of bot <-> vendor cloud server communication
- MQTT and an example of bot <-> vendor cloud server communication
- Examining bot authentication protocols
- SASL over XMPP
- Secure MQTT
- Security and Privacy Concerns
- Remote controlling/hijacking
- Discuss the potential ways this can happen:
- Using MITM on the local network
- Breach of credentials used on the app
- Privacy of home floor plans
- Discuss how plans are created, stored and updated
- Security and Privacy of audio and video recordings
- Discuss how these are stored.
- Show example of network capture which contains the feed.
- Reported issues (for a set of bots)
- Plaintext password transmission in XMPP to the vendor’s cloud server
- Manipulating cleaning schedules
- Discuss how some bots retrieve their current time and how this can be abused.
- Conclusion
- Recap of research contributions
- Key takeaways for the audience
- QnA