You probably didn’t know that DJI made a robot vacuum, and they might be wishing they didn’t. DJI’s Romo robot vacuum had pretty terrible security. How bad? A guy was able to remotely access thousands of them.
The individual, Sammy Azdoufal, told The Verge that he “wasn’t trying to hack every robot vacuum in the world. He just wanted to remote control his brand-new DJI Romo vacuum with a PS5 Gamepad… because it sounded fun.”
You might be wondering, what’s so bad about remotely controlling a robot vacuum? What’s the worst that could happen? Someone else cleans my home? Well, robot vacuums are a lot more sophisticated these days and often include cameras. So Azdoufal was able to look and listen through their live camera feeds. And he could use any robot’s IP address to find its rough location.
Now, Azdoufal isn’t just a random consumer who bought DJI’s robot vacuum; he leads AI strategy at a vacation rental home company. So it’s not quite the same as an accountant hacking into thousands of robot vacuums. But still, this is quite scary if you’re one of the thousands who bought the DJI Romo.
The Verge also tested this out in-house, asking a colleague to provide the 14-digit serial number for the unit they had just finished reviewing, and they were able to pull up the robot, see the battery life remaining, cleaning, and much more.
DJI is planning to fix this security hole “in weeks”
The good news is that DJI is planning to fix this hole in the security of its first robot vacuum, but it’s going to take a few weeks. DJI is also going to address another vulnerability in this update, which The Verge deemed too risky to disclose, in the coming months.
This is DJI’s first robot vacuum, and we typically see security issues like this with a company’s first products in a new product category. Let’s not forget about Anker’s sub-brand Eufy and its security issues with its cameras, a few years ago.
The post Someone Hacked Thousands Of DJI Robot Vacuums For Fun And It Was Embarrassingly Easy appeared first on Android Headlines.
