Software engineer creates international security incident over vacuum cleaner controller
An innocent attempt by software engineer Sammy Azdoufal to control his new DJI robot vacuum cleaner with a video game controller unintentionally escalated into a large-scale privacy breach. Because of a flaw in the backend security, he gained access to the live camera feeds and microphones of almost 7,000 other devices spread across 24 countries.
Azdoufal discovered the leak while working on his own app to control his robot remotely. Using an AI coding tool, he tried to decode the communication between the device and DJI’s cloud servers. To his surprise, the login credentials that gave him access to his own vacuum cleaner also gave him control over a small army of Internet-connected robots belonging to other owners. Without their knowledge, their household helpers turned into active espionage tools.
What’s more, Azdoufal could not only activate the cameras, but also view detailed floor plans of the homes and determine the general location of the robots via their IP addresses. DJI, a Chinese tech giant best known for its drones, has now rolled out the DJI Romo to various international markets at a price of around two thousand dollars. The incident underscores the longstanding warnings from cybersecurity experts that smart home devices are attractive targets for malicious actors.
In a response, DJI has stated that the vulnerability has now been fixed through automatic updates in February. The manufacturer claims that no action is required from the user. At the same time, concern is mounting about the privacy costs of the modern smart home. Earlier incidents at companies such as Ring and Google had already fuelled the debate about how much control consumers really have over their sensitive data once it is stored on external servers.
The risk is also becoming more complex as robots grow more advanced. Companies such as Tesla and Figure are working on humanoid robots that will require even more intimate access to our living spaces in order to function. For a hacker or stalker, these devices represent a potential goldmine of information. Azdoufal’s case shows that serious security risks still exist with these smart home devices.
Business AM
Subscribers 0
Fans 0
Followers 0
Followers