A Spanish software engineer unintentionally seized control of roughly 7,000 robot vacuums across the globe thanks to a startling security flaw that gave him the power to peek inside homes through the devices’ live cameras.
Sammy Azdoufal’s attempt to reverse-engineer his DJI Romo vacuum cleaner to work with his PlayStation 5 controller using artificial intelligence inadvertently gave him sweeping access to the device’s servers across 24 countries, the tech wiz revealed to The Verge.
“I found my device was just one in an ocean of devices,” he told the New York-based tech outlet.
“I didn’t infringe any rules, I didn’t bypass, I didn’t crack, brute force, whatever.”
Even without hacking into DJI’s servers, Azdoufal was able to hijack thousands of bots, spy through their cameras, activate microphones, map home layouts, and track devices using IP addresses, he admitted.
The engineer was also able to tap directly into the tech company’s network – a breach that illustrates the ease with which bad actors could obtain data in a tech-saturated society.
Azdoufal, head of AI at a property management and travel group in Spain, said he alerted The Verge to the company’s major security flaw, prompting the outlet to contact DJI.
The Chinese firm, known for its AI-powered gadgets, confirmed the glitch has since been fixed, adding that other network issues will be addressed in the coming weeks.
“DJI can confirm the issue was resolved last week and remediation was already underway prior to public disclosure,” company spokesperson Daisy Kong wrote in a statement to The Verge.
“DJI maintains strong standards for data privacy and security and has established processes for identifying and addressing potential vulnerabilities. DJI will continue to implement additional security enhancement as part of its ongoing efforts.”
The jarring incident comes two years after Chinese-made robot vacuums by Ecovacs were hijacked and rewired to bombard US homeowners with racial slurs.