DIY Hack Exposes Massive Flaw in DJI Romo Vacuums
A hobbyist discovered unsecured data on over 7,000 DJI Romo vacuums worldwide, exposing floor plans, video, and audio due to server misconfigurations. DJI responded with prompt fixes.
- Last week, Sammy Azdoufal, AI strategist and hobbyist, accidentally accessed more than 6,700 DJI Romo vacuums across about 24 countries, saying, "I found my device was one of an ocean of devices."
- Server-side storage flaws left device data readable, exposing floor plans, live video feeds and microphone input on DJI cloud servers despite intact encryption of communications.
- Using a PlayStation controller, Sammy Azdoufal reverse-engineered the Romo protocol and accessed live video feeds, microphones, and floor plans from more than 6,700 vacuums.
- DJI issued firmware updates and said the issue was fixed last week, but some vulnerabilities remain, including streaming without a security PIN, and it remotely disabled the device when reporting was blocked.
- The episode follows prior robot-vacuum hacks and highlights broader IoT security risks: manufacturers should strengthen authentication and encryption, while consumers should check firmware updates and security settings.
18 Articles
DJI Romo Robot Vacuums: A Security Flaw Exposes Global Vulnerability
Imagine a still room in a London flat, the sudden whirring sound of a robot vacuum. Inside, there is a tiny camera that records every corner. A Spanish software engineer, Sammy Azdoufal, found himself able to see through not just his own unit but thousands of devices located around the globe. Azdoufal had wanted to do something new with his DJI Romo vacuum cleaner. He experimented to get the device to react to a PlayStation 5 controller using ar…
He accidentally gained control of 7,000 robot vacuums
CNN’s Clare Duffy spoke with Sammy Azdoufal, who says he accidentally hacked thousands of DJI Romo vacuums while trying to connect it to his PlayStation controller, giving him access to other users’ microphone audio and video streams. DJI says the issue has since been resolved.
A French programmer discovered a security flaw in a model of robot vacuum cleaner. He was able to remotely access the data of 7,000 devices without the owners' knowledge. The Chinese manufacturer DJI says it has applied a fix to its software. - "A complete plan of all rooms": 7,000 robot vacuum cleaners hacked by a Frenchman (New technologies).
While trying to find a way to steer his vacuum with a PlayStation controller, Sammy Azdoufal gained access to the camera and microphone of several thousand devices, as well as to the layout of the homes.