Sammy Azdoufal, a software engineer in Spain, recently discovered a serious security vulnerability in the DJI Romo robot vacuum line. This technical glitch inadvertently granted him access to and control over approximately 7,000 devices in more than 24 countries worldwide.
Initially, Azdoufal only intended to reverse engineer his own robot so that he could control it with a PlayStation 5 controller using artificial intelligence. However, the testing process opened access to the main server system, revealing that his device was just one of countless devices being publicly displayed.
Serious privacy risks
Notably, the engineer emphasized that he did not perform any cracking or complex cyberattacks to gain this administrative access. The vulnerability allowed him to directly access active cameras and microphones, as well as view home layouts and users' IP addresses.
Azdoufal admitted to The Verge that he could fully view the inside of customers' homes through the robot's cameras. This raises serious concerns about personal data security for smart home devices.
Manufacturer response and fix
After being notified of the incident, DJI quickly confirmed and patched the security vulnerability before the information was made public. Spokesperson Daisy Kong stated that the issue was fully resolved last week and the company is committed to further upgrading security systems to protect users.
Sammy Azdoufal is currently the Head of AI at a major real estate and tourism corporation in Spain. This incident is reminiscent of the Ecovacs robot vacuum scandal in the U.S. two years ago, when devices were taken over and broadcast offensive content to homeowners.
