Someone Remotely Accessed the Cameras in 7,000 DJI Robot Vacuums
PetaPixel • • general
Key Points:
- Sammy Azdoufal developed an app to control his DJI Romo vacuum with a PS5 controller and accidentally gained remote access to about 7,000 Romo vacuums worldwide, allowing him to view live video and audio feeds inside people's homes.
- Azdoufal accessed these devices by using a private token from his own Romo, exploiting DJI’s servers which granted him extensive access without hacking or breaking security protocols.
- The Verge verified Azdoufal’s claims by remotely accessing a Romo unit, obtaining floor plans, and live video feeds, highlighting significant security flaws in DJI’s system.
- DJI was informed about the vulnerabilities before The Verge’s report and claimed to have fixed them, but Azdoufal’s live demo showed
