The Creators of Valetudo – A Journey of Hacking and Privacy Protection

Sören Beye (also known as Hypfer) and Dennis Giese are the creators behind Valetudo. Giese, a Northeastern University PhD student, began his hacking journey in 2017 and successfully rooted a Xiaomi robot. He went on to develop a cloud replacement system named Dustcloud, which he presented at DefCon and CCC. Subsequently, Dummycloud, a more streamlined implementation, was derived from these ideas and would later influence the development of Valetudo. (Valetudo takes its name from Hygieia, the Greek goddess associated with cleanliness, health, and hygiene.)

The Creators of Valetudo - A Journey of Hacking and Privacy Protection
The Creators of Valetudo – A Journey of Hacking and Privacy Protection

The Creators of Valetudo

Beye had watched Giese’s Def Con presentation and, a year later, began hacking a Roborock S5 purchased from Aliexpress. Over time, Beye uploaded the initial Valetudo prototype to GitHub and shared it on Roboter-Forum, a German forum focused on cleaning and mowing robots. Gradually, their efforts converged, with Beye primarily focusing on Valetudo’s development, while Giese took charge of crafting the image, rooting tools, and discovering evolving exploits. Subsequently, Giese introduced DustBuilder, simplifying the firmware building and device rooting processes.

To decrypt firmware for new models and from different manufacturers, it’s essential to obtain keys from actual devices. While some individuals generously donate robots, and Beye and Giese accept contributions to sustain the project, a significant portion of the expenses comes directly from their own pockets. Giese acknowledges that he has likely invested around $30-$40,000 in robot vacuums. He mentioned, “Financial donations vary. Occasionally, I gather funds to purchase a robot. However, it’s evident that it’s still a considerable financial commitment.

Using Valetudo instead of the vacuum’s default system offers several benefits, with a major one being that your robot remains disconnected from the cloud. This is particularly crucial if you’re concerned about the possibility of your vacuum capturing images, which could potentially be shared by gig workers on platforms like Facebook. Giese explained, “Most robots store images in some way, and some even upload this data. It’s not your devices; it’s the manufacturers who have complete control over both the data and the device.

Check These Out


Please enter your comment!
Please enter your name here