
"How one man, just trying to steer his DJI robot vacuum with a PlayStation gamepad, discovered an entire network of 7,000 remote-control DJI robots ready to let him peek into other people's homes."
"DJI will pay Azdoufal $30,000 for one single discovery, according to an email he shared with The Verge, without specifying which discovery it's paying him for. Though DJI is not naming Azdoufal, it confirms to The Verge it has 'rewarded' an unnamed security researcher for their work."
"DJI says it has already addressed the extra vulnerability Azdoufal found where someone can view a DJI Romo video stream without needing a security pin."
A security researcher named Sammy Azdoufal discovered significant vulnerabilities in DJI's robot network while attempting to control a DJI robot vacuum with a PlayStation gamepad. He found that he had access to approximately 7,000 remote-control DJI robots and could view other users' homes through their devices. DJI has now rewarded Azdoufal with $30,000 for his discovery, though the company did not specify which particular vulnerability the payment covered. DJI confirmed it has already addressed an additional vulnerability Azdoufal identified that allowed viewing DJI Romo video streams without requiring a security PIN. The company's response contrasts with its previous handling of security researcher Kevin Finisterre in 2017.
Read at The Verge