A software engineer named Sammy Azdoufal just wanted to control his DJI Romo robot vacuum with a PlayStation controller. Sounds like fun, right? Well, what he got instead was accidental access to the live camera feeds, microphone audio, and home floor plans of nearly 7,000 other people’s robot vacuums across 24 countries.
While building his own remote-control app, Azdoufal used an AI coding tool to figure out how the vacuum talked to DJI’s servers. A security flaw in those servers gave him the same level of access to thousands of other robots as if he were their owner. He could see inside strangers’ homes and map their floor plans in real time. Rather than exploit the bug, he reported it to tech outlet “The Verge,” which contacted DJI. The company patched the issue earlier this month.
Source: PopSci