Sammy Azdoufal initially wanted to control his new DJI Romo vacuum with a PS5 gamepad. What he didn’t expect was to connect with around 7,000 other robot vacuums worldwide. His app let him manipulate their movements and even peek through their cameras. It was an amusing experiment at first—until it revealed serious vulnerabilities in the system.
During a live demo, Azdoufal showcased his access. Hundreds of vacuums were sending data about where they were cleaning, what obstacles they faced, and how far they had traveled. Within minutes, he identified 6,700 devices across 24 countries. This access raised alarming questions about security practices.
Azdoufal, who leads AI strategy at a vacation rental company, reverse-engineered DJI’s communication protocols. He could quickly access his own robot’s data, including battery life and cleaning status. Analyzing the data, he created accurate floor plans of various homes—without needing any special permissions.
He noted that he bypassed no security measures while accessing his own device; he just managed to tap into DJI’s system, inadvertently exposing a gap that allowed access to data from thousands of others. “I didn’t break in; the system just laid itself bare,” he said.
The reaction from the tech community has been mixed. Some see it as a fun hack, while others recognize the critical privacy risks. Users are now questioning whether a robot vacuum should even have a camera or microphone in the first place. Azdoufal adamantly said, “Why is there a microphone on a vacuum?”
DJI responded to this incident, claiming vulnerabilities were promptly addressed. However, critics argue that merely cutting off one entry point does not ensure comprehensive security. If a skilled user can easily access and manipulate the system, what’s to stop malicious actors from doing the same?
This isn’t isolated to DJI. Other smart home devices have experienced similar breaches. In 2024, hackers took control of Ecovacs vacuums, causing chaos. Security issues in brands like Wyze and Anker’s Eufy have also raised alarms, putting user privacy at risk.
Experts, like security researcher Kevin Finisterre, stress that encryption only protects data in transit, not what’s available once it arrives at the server. “If there’s no proper access control, you can see everything in plaintext,” he explained. This vulnerability underscores how critical it is for smart device companies to enforce robust security measures.
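The distinction Finisterre draws, shown as an added example (not DJI's code and not from the researcher): transport encryption is assumed to be in place, and the server-side ownership check alone decides whether one valid login can read another owner's device. The device IDs, account names, key and function names are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # constructed value for this example only

# Constructed sample data: device-to-account binding and stored telemetry.
DEVICE_OWNER = {"vac-001": "alice", "vac-002": "bob"}
TELEMETRY = {
    "vac-001": {"battery": 80, "status": "cleaning"},
    "vac-002": {"battery": 35, "status": "docked"},
}


def _sign(account: str) -> str:
    return hmac.new(SERVER_KEY, account.encode(), hashlib.sha256).hexdigest()


def issue_token(account: str) -> str:
    """Return 'account.signature'; stands in for a login session token."""
    return f"{account}.{_sign(account)}"


def authenticate(token: str) -> Optional[str]:
    """Return the account name if the token signature is valid, else None."""
    account, _, sig = token.rpartition(".")
    ok = hmac.compare_digest(sig.encode(), _sign(account).encode())
    return account if ok else None


def read_authn_only(token: str, device_id: str) -> Optional[dict]:
    """Weak: any valid login can read any device's stored data."""
    if authenticate(token) is None:
        return None
    return TELEMETRY.get(device_id)


def read_authorized(token: str, device_id: str) -> Optional[dict]:
    """Hardened: the caller must also own the requested device."""
    account = authenticate(token)
    if account is None or DEVICE_OWNER.get(device_id) != account:
        return None  # same answer for "unknown device" and "not yours"
    return TELEMETRY.get(device_id)
```

Both functions accept the same valid token; only the second ties the request to the device's owner, which is the check that encryption in transit cannot supply.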
Overall, this incident has sparked significant debate about privacy, security, and the responsibilities of tech companies in safeguarding user data. The need for transparent communication and rigorous security protocols has never been more urgent in the fast-evolving landscape of smart home technology.

