As part of the ongoing research performed by the Checkmarx Security Research Team, recently, they were investigating several IoT devices, including the Ironpie M6 smart vacuum cleaner by Trifo. Since the device has a video camera, the team was interested in testing the security and privacy of the vacuum.
According to Trifo, the Ironpie is “An AI-powered robot vacuum that vacuums up dirt, dust, crumbs – even sand – like no one’s business” and it claims that its “mission is to clean and protect your home, so you can do more important things. I keep your home safe from dirt, dust, crumbs, sand and more; and also use my advanced vision system to keep intruders out. I am always alert and never sleep on the job.” The Trifo can be connected to the internet via WiFi, and be controlled remotely for vacuuming, as well as for remote video stream viewing, since it incorporates a video camera. The security concerns of connecting video cameras to the internet should be obvious, and that was one of the motivators behind this research. As a result of research team’s investigation, several high- and medium-severity security vulnerabilities were discovered.
www.checkmarx.com
