The DJI Romo robovac had security so poor, this man remotely accessed thousands of them
Briefly

"Sammy Azdoufal claims he wasn't trying to hack every robot vacuum in the world. He just wanted to remote control his brand-new DJI Romo vacuum with a PS5 gamepad, he tells The Verge, because it sounded fun. But when his homegrown remote control app started talking to DJI's servers, it wasn't just one vacuum cleaner that replied. Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss."
"On Tuesday, when he showed me his level of access in a live demo, I couldn't believe my eyes. Ten, hundreds, thousands of robots reporting for duty, each phoning home MQTT data packets every three seconds to say: their serial number, which rooms they're cleaning, what they've seen, how far they've traveled, when they're returning to the charger, and the obstacles they encountered along the way."
A hobbyist built a remote-control app for a DJI Romo vacuum and accidentally accessed thousands of other units when the app communicated with DJI servers. Roughly 7,000 devices began accepting commands and streaming live camera feeds, enabling remote control, audio/video monitoring, and 2D floor-plan generation. Each robot reported MQTT packets every three seconds containing serial number, cleaning-room status, observations, distance traveled, charger returns, and obstacle encounters. In a live test, 6,700 devices across 24 countries produced over 100,000 messages within nine minutes. The immediate threat may be fixed, but the incident highlights broad IoT security and privacy vulnerabilities.
Read at The Verge