In our vacuum robot test, we put four vacuum robots through their paces. Vorwerk vacuum cleaners have been sold under the “Kobold” brand since 1930. Vacuum robots have also been included in the product family since 2014. In the following test report, we have taken a closer look at the current VR300 model with regard to security and privacy.
Version 2.0.0 of the Kobold App has been put to the test. It is heavily obfuscated, which makes it difficult for potential attackers to understand the internal functions of the app.
It also contains a password-protected root certificate for *.ksecosys.com, for which Certificate Pinning is implemented. The app always communicated TLS1.2 encrypted in the test, a local communication could not be detected.
Our testers were also positively surprised that there is no Facebook program code in the app. This was always the case with the other vacuum robots under test, enabling the social media company to gain insight into users’ lifestyles and purchasing behavior, as well as tracking their advertising ID across apps.
The Internet communication of the Kobold VR300 is always encrypted, but the TLS1.0 encryption protocol used should be brought up to the state of the art in a timely manner.
The communication of the vacuum robot is protected against simple attacks by the protocol used. The communication of the app is always TLS1.2 encrypted and thanks to implemented certificate pinning, extended certificate validation, also protected against advanced attacks.
With the Kobold VR300, Vorwerk offers a secure vacuum robot that has clear privacy advantages as well as always encrypted communication. For this reason, we rate the vacuum robot with three out of three stars.