Your vacuum might be spying on you: When a $300 'smart' gadget became an Indian man's worst nightmare

Forget the usual concerns about your phone listening in—your vacuum might be the one you should really be wary of. Harishankar Narayanan, a computer programmer and tech hobbyist, shared a chilling experience on his blog after discovering that his $300 iLife A11 smart vacuum was secretly transmitting private data from his home. Narayanan, known for his cautious nature, decided to monitor his vacuum’s network traffic after using it for a year. To his shock, the vacuum was sending continuous data back to its manufacturer’s servers, located halfway across the world.

Despite never having consented to such data-sharing, he found that the vacuum was constantly transmitting logs and telemetry. Alarmed, Narayanan attempted to stop this data flow, but left other traffic, like firmware updates, untouched. However, his vacuum soon started malfunctioning. The device refused to boot up one morning, and after several attempts to repair it, including visits to the service center, the vacuum continued to break down. Eventually, the service center declared the device out of warranty and ceased any further repairs.

Also Read: Zohran Mamdani faces probe over alleged illegal foreign donations in NYC mayoral campaign: Here's what we know

Curious and frustrated, Narayanan took matters into his own hands. After disassembling and reverse-engineering the vacuum, he uncovered a shocking truth: the device had Android Debug Bridge (ADB) exposed to the world. Within moments, he had full root access to the vacuum. No hacking required—just plug and play.

Read Harishankar Narayanan's post here

What he discovered next was even more unsettling. The vacuum was running Google Cartographer, a program that creates 3D maps of the home. This data, it turns out, was being transmitted to the company. Further investigation revealed a mysterious line of code sent from the manufacturer, which was timestamped at the exact moment his vacuum stopped working. It appeared that someone had remotely issued a “kill” command to disable his device.

Narayanan reversed the script and rebooted the vacuum, which immediately sprang back to life. He realised that the company had not only embedded remote control capabilities but had actively used them to punish him for blocking their data collection. Whether by design or automation, his device had been rendered useless as a consequence of trying to stop its data transmission. This incident led Narayanan to conclude that many smart vacuums—and likely other home gadgets—are built with similar covert systems. “Our homes are filled with cameras, microphones, and sensors, all connected to companies we know little about,” he warned. “With just one line of code, these devices can be weaponised.”