Cyber risks from the Internet of Things can come from some surprising places. The latest potential threat: your trusty Roomba may be sending out information on your floor plans while it’s sweeping up.
The 900 series of Roomba vacuum has a “Clean Map Report” feature, which teaches it how to improve its movements by telling you how well did on its most recent sweep. The catch: it shares this report with the iRobot headquarters, meaning if you opted into the feature, you’re inadvertently allowing iRobot to learn the details of your home.
That’s not great from a cybersecurity perspective to start with, but it could potentially get worse. iRobot CEO Colin Angle told Reuters that the company could reach a deal to sell its maps to one or more of the Big Three – Amazon, Google, and Apple – in the next couple of years.
The company has responded to these reports, “iRobot has not formed any plans to sell data … No data will be shared with third-parties without the informed consent of our customers. If a customer had already signed up/opted in, iRobot will delete the data from our servers if a customer requests it. This is retroactive.”
This isn’t iRobot’s finest hour, but it could actually be worse — it could be another “pooptastrophe,” aka, that time a user shared the unfortunate experience of his vacuum tracking dog poop throughout the house.
Still, it’s a good reminder to have a strategy in place for the IoT in your organization: pay attention to its settings, and make sure you’re not automatically signed into anything that could compromise your security.
Want to learn more? Register now for DRI’s next free webinar on Cyber Risk and the IoT, Aug. 9 at 2:00 p.m.!