Is your vacuum cleaner gathering a different kind of dirt? #11

04/11/2025

Episode Synopsis

A software engineer named Harishankar Narayanan uncovered a disturbing backdoor in his iLife A11 robot vacuum, revealing serious privacy and security concerns. After blocking the vacuum’s telemetry IP to prevent excessive data transmission to China, the device mysteriously stopped working. It would briefly revive after service centre repairs, only to fail again once reconnected to Narayanan’s network. Frustrated, he dismantled the vacuum and discovered it was running Linux with an open Android Debug Bridge, unencrypted WiFi credentials, and Google Cartographer—a mapping tool capable of detailed home surveillance. Most alarmingly, logs showed someone had remotely disabled the vacuum by altering its startup script, using a remote access tool called “rtty,” effectively turning the vacuum into a controllable spy device.



Narayanan’s investigation suggests that the OEM, 3irobotix, provides the hardware and software not only for iLife but also for other brands like Xiaomi, Wyze, Viomi, and Proscenic. This means millions of households may unknowingly host devices with similar vulnerabilities. Cybersecurity experts warn that such backdoors could allow remote access to cameras, microphones, and even home network data. The case highlights the risks of integrating smart devices into home networks and underscores the need for better transparency, secure firmware practices, and network isolation for IoT devices. Narayanan continues to investigate and share findings via GitHub, raising broader questions about consumer rights and manufacturer accountability.







This episode of The Crystal Carrier Wave takes us through a whirlwind of developments across the industry. We start with a critical vulnerability affecting Chromium-based browsers, which can be crashed in seconds, highlighting ongoing security concerns for everyday users. Meanwhile, Affinity’s popular image-editing apps have shifted to a “freemium” model after their acquisition by Canva, making core features free but locking AI-powered tools behind a subscription.



Microsoft is experimenting with Bluetooth audio sharing in Windows 11, allowing two headsets to connect at once—a feature that could be a game-changer for shared listening experiences. On the security front, there’s troubling news about Claude, an AI chatbot, which researchers have shown can be manipulated into leaking private company data with just a few cleverly worded prompts. Google is also making headlines as it loosens Play Store restrictions following its loss in the Epic Games antitrust case, signaling a shift in the app marketplace landscape.



Arch Linux users should note that Dovecot 2.4 now requires manual intervention, and the US government has invested $1 billion in AMD’s supercomputers, aiming to maintain its edge in the global AI race. WordPress site owners face another major add-on security flaw that could impact thousands of sites, while a fake Nvidia keynote deepfake managed to fool over 100,000 viewers on YouTube, underscoring the growing threat of AI-driven scams.



A major telecom supplier has been compromised by a nation-state hacking group, and organizations across the EU and UK are reassessing their resilience after a significant Azure outage. On a lighter note, a new robotic lawnmower uses AI to dodge obstacles like cats and toys, showing how smart tech is making its way into everyday gadgets.



Ransomware gangs are now running fake ads for Microsoft Teams to trick victims, and MySQL 8.0 is approaching its end of life, urging users to plan their migrations. Linux vendors are increasingly embracing Ubuntu and Snap packages, while Microsoft is integrating Copilot into its 365 companion apps, whether users are ready or not. WhatsApp is making it easier to encrypt chat backups, and Canada is warning about cyberattacks targeting industrial control systems.



Nvidia has become the first company valued above $5 trillion, and there’s a cautionary tale of a teen being handcuffed after AI mistakenly identified a bag of Doritos as a gun. Microsoft’s Task Manager has a new bug that spawns extra processes, and DigiKey has expanded its inventory with over 31,000 new parts in Q3 2025. For makers and hobbyists, there’s a 3D-printed guitar project and a simple animatronic eyes tutorial, plus a new edition of “Small Antennas for Small Spaces” for radio enthusiasts.



All in all, it’s a week packed with innovation, security challenges, and a few surprises—perfect for anyone keeping an eye on the fast-moving world of tech. If you’d like more details on any of these stories, just let me know!



Become a supporter of the podcast and help me grow the podcast and studio by becoming an Insider. Every little bit helps and is greatly appreciated.



If you have anything you’d like to share or comment on, email podcast .at. zl4kj .dot. nz; I would love to hear from you. Alternatively, you can send a voice message.




Developer discovers his vacuum has a secret backdoor



Chromium browsers vulnerable to a crash bug



Affinity’s image-editing apps go “freemium” in first major post-Canva update



Windows 11 tests Bluetooth audio sharing that connects two headsets at once



Claude can be tricked into sending your private company data to hackers - all it takes is some kind words



Google makes first Play Store changes after losing Epic Games antitrust case



Arch Linux - News: dovecot >= 2.4 requires manual intervention



The US just dropped $1 billion on AMD’s supercomputers to prove its AI dominance isn’t slipping away quietly



Another major WordPress add-on security flaw could affect 10,000 sites - find out if you're affected



Fake Nvidia keynote deepfake fools 100,000 viewers as YouTube promotes crypto scam over real Jensen Huang event



Major telecom supplier compromised by nation-state crew



EU and UK organizations ponder resilience after Azure outage



Robotic lawnmower uses AI to dodge cats, toys



Ransomware gang runs ads for Microsoft Teams to pwn victims



The clock's ticking for MySQL 8.0 as end of life looms



Linux vendors are getting into Ubuntu – and Snap • The Register 



Microsoft adds Copilot to 365 companion apps, like it or not



We’re Making it Easier to Encrypt Your WhatsApp Chat Backups



Canada Warns of Cyberattacks Targeting Industrial Control Systems



Nvidia Becomes First Company Valued Above $5 Trillion



Teen Handcuffed After AI Mistakes Doritos for Gun



Microsoft Task Manager bug spawns new processes



Report: Apple to Launch These New Products in 2026



DigiKey Grows Over 31,000 New Parts in Q3 2025



3D-Printed Guitar [Prusacaster ==> Hackstercaster]



Simple Animatronic Eyes



New Book Release: Small Antennas for Small Spaces 3rd Edition