But on this threat model? Why would it not be good?
It has to physically accessed on the PCB itself from what I gather.
There are 2 “threats” from what I see:
someone at the distribution facility pops it open and has the know how to install malware on it (very very unlikely)
someone breaks into your home unnoticed and has the time to carefully take apart your vacuum and upload pre-prepared malware instead of just sticking an IP camera somewhere. If this actually happens, the owner has much much bigger problems and the vacuum is the least of their worries.
The homeowner is the other person that can access it and it is a big feature in that case.
yes and no… i agree with the sentiment, but with root you can extract wifi credentials and various other secrets… you shouldn’t be able to get these things even when you have physical access to the device… the root access itself isn’t the problem
NO! It’syour device, you should have root! The fact that the manufacturer gives their product owners root is a good thing, not bad!
I will die on this fucking hill.
I agree with you. But granting root straight from adb with 0 auth is not good.
But on this threat model? Why would it not be good?
It has to physically accessed on the PCB itself from what I gather.
There are 2 “threats” from what I see:
someone at the distribution facility pops it open and has the know how to install malware on it (very very unlikely)
someone breaks into your home unnoticed and has the time to carefully take apart your vacuum and upload pre-prepared malware instead of just sticking an IP camera somewhere. If this actually happens, the owner has much much bigger problems and the vacuum is the least of their worries.
The homeowner is the other person that can access it and it is a big feature in that case.
yes and no… i agree with the sentiment, but with root you can extract wifi credentials and various other secrets… you shouldn’t be able to get these things even when you have physical access to the device… the root access itself isn’t the problem
If I broke into your home, why TF would I carefully take apart your robot vacuum in order to copy your wifi credentials‽
Also, WTF other “secrets” are you storing on your robot vacuum‽
This is not a realistic attack scenario.