Security flaw lets engineer control 7,000 internet-connected robots
What's the story
A software engineer's attempt to control his new DJI robot vacuum using a gaming controller has exposed a major security flaw. Sammy Azdoufal, the engineer in question, was developing a remote-control app when he stumbled upon the vulnerability. The same credentials that gave him access to his own device also granted him access to live feeds from nearly 7,000 other vacuums across 24 countries.
Vulnerability details
Malicious actors could have exploited the vulnerability
The security bug in question exposed an entire fleet of internet-connected robots, which could have been used for surveillance by malicious actors. Azdoufal was able to access real-time camera feeds and activate microphones on these vacuums. He could even create 2D floor plans of the homes they were cleaning and get a rough idea of their locations from the robots' IP addresses.
Issue resolution
DJI released updates to fix the security bug
DJI has confirmed that it identified the vulnerability in late January and started fixing it immediately. The company released two updates earlier this month to fix the flaws. "The issue was addressed through two updates, with an initial patch deployed on February 8 and a follow-up update completed on February 10," DJI told Popular Science.
Privacy fears
Incident highlights growing concerns about smart home devices
The DJI incident highlights concerns about the surveillance potential of internet-connected home devices. Earlier this month, Ring camera owners raised alarms over an ad for the company's pet-finding feature, which some saw as a way to normalize broader monitoring. Separately, Google was able to access footage from a Nest Doorbell camera in an abduction case despite earlier claims that it had been deleted, sparking renewed debate over how much control consumers have over their data.
Security concerns
US lawmakers have warned against Chinese tech products
US lawmakers from both parties have long warned that DJI and other Chinese tech companies pose a unique security threat. The claims are not backed by solid evidence but have been enough to justify banning certain Chinese products. Despite these fears, the market for smart home devices continues to grow, with 54 million US households estimated to have at least one such device installed as of 2020.