If IRobot Falls, Hackers are Ready to Wrangle Roombas

Things are not looking good for iRobot. Although their robotic Roomba vacuums are basically a household name, the company has been faltering financially for some time now. In 2024 there was hope of a buyout by Amazon, who were presumably keen to pull the bots into their Alexa ecosystem, but that has since fallen through. Now, by the company’s own estimates, bankruptcy is a very real possibility by the end of the year.

Hackaday isn’t a financial blog, so we won’t get into how and why iRobot has ended up here, although we can guess that intense competition in the market probably had something to do with it. We’re far more interested in what happens when those millions of domesticated robots start getting an error message when they try to call home to the mothership.

We’ve seen this scenario play out many times before — a startup goes belly up, and all the sudden you can’t upload new songs to some weirdo kid’s media player, or the gadget in your fridge stops telling you how old your eggs are. (No, seriously.) But the scale here is unprecedented. If iRobot collapses, we may be looking at one of the largest and most impactful smart-gadget screw overs of all time.

Luckily, we aren’t quite there yet. There’s still time to weigh options, and critically, perform the kind of research and reverse engineering necessary to make sure the community can keep the world’s Roombas chugging along even if the worst happens.

The Worst-Case Scenario

So let’s say iRobot folds tomorrow. What’s likely to actually happen to all those Roombas?

Well, the good news is that there’s no reason to assume the offline mode will be impacted. So pressing the “Clean” button on the top of your Roomba will still get the little fellow working, and the basic functions that allow it to navigate around a room and end up back on its charging dock are handled locally, so none of that will change.

But if iRobot’s servers go dark, that means the smartphone application and everything that relies on it is toast. So you’re going to lose features like scheduling, and the home mapping capabilities of the newer Roombas that allow it to understand directives such as “Clean the kid’s room” are also out the window.
Thankfully, even the newest Roombas can function offline — but not all features will be available.
Looking further ahead, it also means that your Roomba isn’t going to be getting any firmware updates. This probably isn’t a big deal in a practical sense. So long as you haven’t run into any kind of show stopping bug, any future updates would probably be minimal to begin with. But there’s always a chance, albeit slim, that a security vulnerability could be found within the Roomba’s firmware that would let an attacker use it in a malicious manner. In that case, you’d have to decide if the risk is significant enough to warrant chucking the thing.

Even further ahead, replacement parts will eventually become a problem and obviously you’ll no longer be able to get any support. The latter likely won’t phase many in this community, but the inability to repair your Roomba in a few years time might. Then again, depending on what parts we’re talking about, it’s not unreasonable to think that the community could produce alternatives via 3D printing or other methods when the time comes.

A Rich Hacking History

If you’ve been reading Hackaday for awhile, you probably already know that the Roomba is no stranger to hardware hackers. A quick search through the back catalog shows we’ve run nearly 150 articles featuring some variant of the cleaning droid. So it will likely come as no surprise to find that there’s already a number of avenues you can explore should official support collapse.
iRobot invited hacking their robots, we accepted. Image: Fabrizio Branca
To their credit, we should say that the success hackers have had with the Roomba is due in no small part to the relatively open attitude iRobot has had about fiddling around with their product. At least, in the early days.

As Fabrizio Branca mentions in a 2022 write-up about interfacing a Roomba with an ESP32, when he bought the bot in 2016, it even had a sticker that invited the owner to get their hands dirty. While the newer models seem to have deleted the feature, the majority of the older units even include a convenient expansion port that you can tap into for controlling the bot called the Roomba Open Interface (ROI).

So if you’ve got a Roomba with an ROI port — some cursory research seems to indicate they were still included up to the 800 series — there’s plenty of potential for smartening up your vacuum even if the lights go out at iRobot.

With a WiFi-enabled microcontroller riding shotgun, you can fairly easily tie an older Roomba into your home automation system. If Amazon has already taken over your household, you can teach it to respond to Alexa. For those looking to really push the limits of what a vacuum is capable of, you could even strap on a Linux single-board computer and communicate with the bot’s hardware using something like the PyRoombaAdapter Python library.

Solutions for Modern Problems

While this all sounds good so far, we run into something of a paradoxical problem. While the older Roombas are hackable and the community can continue updating and improving them, it’s the newer Roombas that are actually at greater risk should iRobot go under. In fact, many of the Roomba models that support ROI don’t even feature any kind of Internet connectivity to begin with — so they’ll be blissfully unaware should the worst happen.

The options right now for owners of “smarter” Roombas are more limited in a sense, but there’s still a path forward. Projects such as dorita980 and roombapy offer an unofficial API for communicating with many WiFi-enabled Roomba models over the local network, which in turn has allowed for fairly mature Home Assistant integration. You won’t be able to graft your own hardware to these more modern Roombas, but if all you want to do is mimic the functionality that would be lost if the official smartphone application goes down, a software solution will get you there.

It’s also quite possible that the news of iRobot’s troubles might inspire more hackers to take a closer look at the newer Roombas and see if there aren’t a few more rocks that could get turned over. As an example, the Valetudo project aims to free various robotic vacuums of their cloud dependency. It doesn’t currently support any of iRobot’s hardware, but if there were a few sufficiently motivated individuals out there willing to put in the effort, who knows?

A Windfall for Hackers?

In short, folks like us have little to fear should the Roomba Apocalypse come to pass. Between the years of existing projects demonstrating how the older bots can be modified, and the current — and future — software being developed to control the newer Internet-aware Roombas over the local network, we’ve got pretty much all the bases covered.

But for the average consumer who bought a Roomba in the last few years and makes use of the cloud-connected features, that’s another story. There’s frankly a whole lot more of them then there are of us, and they’ll rightfully be pretty pissed off if the fancy new robotic vacuum they just picked up on Black Friday loses a chunk of its promised functionality in a few months.

The end result may be a second-hand market flooded with discounted robots, ripe for the hacking. To be clear, we’re certainly not cheering on the demise of iRobot. But that being said, we’re confident this community will do its part to make sure that any Roombas which find themselves out in the cold come next year are put back to work in some form or another before too long.

hackaday.com/2025/11/13/if-iro…

Può un attacco informatico ridurre il PIL di uno Stato? Nel Regno Unito pare di si!

L’economia britannica ha registrato un’ulteriore contrazione a settembre, in gran parte a causa dell’attacco informatico alla casa automobilistica Jaguar Land Rover (JLR) e della sua chiusura forzata.

Un nuovo rapporto dell’Office for National Statistics (ONS) registra una contrazione dello 0,1% del PIL e contemporaneamente rivede a zero il dato di agosto, che ha registrato una crescita dello 0,1% rispetto al precedente dato.

Di conseguenza, l’economia del Paese è cresciuta solo dello 0,1% nel terzo trimestre, significativamente al di sotto del tasso di crescita dello 0,7% registrato all’inizio dell’anno. Anche altri Paesi del G7 stanno registrando risultati altrettanto deboli: Germania, Italia e Canada hanno registrato una stagnazione o una crescita minima del PIL, compresa tra lo 0 e lo 0,1%.

Il Cancelliere dello Scacchiere Rachel Reeves ha affermato che la situazione nella seconda metà dell’anno richiede “decisioni decisive ma eque” per rafforzare l’economia e ridurre il costo della vita. Presenterà il suo secondo bilancio tra due settimane, promettendo di concentrarsi su misure volte a ridurre il debito pubblico e migliorare l’efficienza del sistema sanitario.

Il rapporto dell’ONS include anche l’impatto della crisi della Jaguar Land Rover, classificata dal centro di monitoraggio informatico come “evento sistemico di categoria 3”. A causa della chiusura forzata e delle ripercussioni sui settori correlati, la produzione di veicoli nel Paese è diminuita del 29%, con una riduzione del PIL complessivo di 0,17 punti percentuali.

Anche escludendo il settore automobilistico, l’economia rimane stagnante.

Ruth Gregory, Vice Capo Economista di Capital Economics, ha osservato che la crescita rimane frenata da imposte elevate e da un contesto esterno debole. Stima che gli aumenti fiscali previsti, che entreranno in vigore dopo la prossima legge di bilancio, potrebbero ridurre ulteriormente il PIL di circa lo 0,2% nel 2026, rendendo estremamente limitate le prospettive di un’accelerazione della crescita.

L'articolo Può un attacco informatico ridurre il PIL di uno Stato? Nel Regno Unito pare di si! proviene da Red Hot Cyber.

L’Antivirus Triofox sfruttato per installare componenti di accesso remoto

I ricercatori di Google avvertono che gli hacker stanno sfruttando una vulnerabilità critica in Gladinet Triofox per eseguire da remoto codice con privilegi SYSTEM, aggirando l’autenticazione e ottenendo il controllo completo del sistema.

La vulnerabilità, identificata come CVE-2025-12480 (punteggio CVSS 9.1), è correlata alla logica di controllo degli accessi: i privilegi amministrativi vengono concessi se la richiesta proviene da localhost.

Questo consente agli aggressori di falsificare l’intestazione HTTP Host e penetrare nel sistema senza password, secondo gli esperti del Google Threat Intelligence Group (GTIG).

Si noti che se il parametro facoltativo TrustedHostIp non è configurato in web.config, il controllo localhost diventa l’unica barriera, lasciando vulnerabili le installazioni con impostazioni predefinite.

Una patch per CVE-2025-12480 è stata inclusa nella versione 16.7.10368.56560, rilasciata il 26 luglio, e gli esperti di Google hanno confermato al produttore che il problema è stato risolto.

Tuttavia, gli esperti segnalano di aver già rilevato attività dannose correlate a questo bug. Ad esempio, ad agosto, un gruppo di hacker identificato con il codice UNC6485 ha attaccato i server Triofox che eseguivano la versione obsoleta 16.4.10317.56372.

In questo attacco, gli aggressori hanno sfruttato l’antivirus integrato di Triofox. Inviando una richiesta GET da localhost al referrer HTTP, gli hacker hanno ottenuto l’accesso alla pagina di configurazione AdminDatabase.aspx, che viene avviata per configurare Triofox dopo l’installazione. Gli aggressori hanno quindi creato un nuovo account Cluster Admin e hanno caricato uno script dannoso.

Gli hacker hanno configurato Triofox in modo che utilizzasse il percorso di questo script come posizione dello scanner antivirus. Di conseguenza, il file ha ereditato le autorizzazioni del processo padre di Triofox ed è stato eseguito con l’account SYSTEM.

Lo script ha quindi avviato un downloader di PowerShell, che ha scaricato il programma di installazione di Zoho UEMS. Utilizzando Zoho UEMS, gli aggressori hanno implementato Zoho Assist e AnyDesk per l’accesso remoto e lo spostamento laterale, e hanno utilizzato Plink e PuTTY per creare tunnel SSH verso la porta RDP dell’host (3389).

Gli esperti consigliano agli utenti di aggiornare Triofox all’ultima versione 16.10.10408.56683 (rilasciata il 14 ottobre) il prima possibile, di controllare gli account degli amministratori e di assicurarsi che l’antivirus integrato non esegua script non autorizzati.

L'articolo L’Antivirus Triofox sfruttato per installare componenti di accesso remoto proviene da Red Hot Cyber.