
"Using an AI coding assistant to reverse-engineer how the vacuum communicated with DJI's remote servers, Azdoufal extracted a security token meant to prove he owned his specific device. Instead, as reported by Popular Science, the backend servers treated him as the owner of nearly 7,000 robot vacuums operating across 24 countries."
"With a few keystrokes, Azdoufal discovered he could tap into live camera feeds, activate microphones, and even compile 2D floor plans of strangers' private homes. While he responsibly reported the security bug rather than exploiting it, this staggering vulnerability highlights a terrifying reality: The rapid, unchecked integration of automated systems is creating a massive and unprecedented security gap."
"Millions of Americans are increasingly welcoming these internet-connected devices into their most intimate spaces. Roughly 54 million U.S. households had at least one smart home device installed as of 2020, per Parks Associates. Furthermore, companies like Tesla, Figure, and 1X are racing to introduce sophisticated, humanoid autonomous robots capable of living in homes and performing complex chores."
A software engineer discovered a critical security flaw in DJI Romo robot vacuums that granted unauthorized access to thousands of devices worldwide. By reverse-engineering the vacuum's communication protocol, he obtained a security token that the backend servers misinterpreted, treating him as the owner of nearly 7,000 vacuums across 24 countries. This vulnerability enabled access to live camera feeds, microphone activation, and 2D floor plans of strangers' homes. The incident underscores growing security risks as millions of internet-connected smart home devices proliferate in American households. With companies developing autonomous humanoid robots for home use, the integration of automated systems without adequate security measures creates unprecedented surveillance vulnerabilities.
#iot-security-vulnerabilities #smart-home-privacy-risks #autonomous-robots #surveillance-concerns #device-authentication-flaws
Read at Fortune