A Spanish engineer said he had discovered a security vulnerability in a robot vacuum cleaner from Chinese company DJI and had access to about 7000 devices around the world.
According to the U.S. tech media The Verge and the Guardian, software engineer Sammy Azdufal identified a vulnerability in a recent interview in the reverse design process of a newly purchased DJI Romo vacuum cleaner to be manipulated with a gamepad.
When Azdupal accessed the DJI server with its own remote control application, a number of robot vacuum cleaners were connected and responded.
“Not just one connected, but about 7000 vacuum cleaners operating in 24 countries started following me like a boss,” he said.
The problem didn’t stop at the level of simple remote control. More than 100,000 messages have been collected by Azdupal on his device.
It was found that real-time video and voice information of users were accessible through cameras and microphones installed in the vacuum cleaner.
It was also able to determine the approximate location of users through Internet Protocol (IP) information.
In fact, when a reporter gave him the serial number of the DJI robot vacuum cleaner he was using during the test, Azdupal found out the real-time video of the device, the condition of the battery, and the interior floor plan of the reporter’s house.
Azdufal said, “I didn’t mean to hack the device intentionally, but I started it for fun at first. Contacting The Verge is to inform the security vulnerabilities of the device.”
After the report, DJI told The Verge and Populer Science that “the problem has been solved,” but Azdufal argued that “some vulnerabilities still remain, so security concerns have not been completely resolved.”
He pointed out, “This case is a warning that smart home devices and robots can be targeted by hackers and may have already been hacked.”
Alan Woodward, a computer science professor at Surrey University in the UK, told the Guardian, “Similar cases have been reported before. Some manufacturers prioritize rapid innovation to secure market share, but security continues to take a back seat. Manufacturers should identify security vulnerabilities, and consumers should also consider whether the potential benefits of smart devices outweigh the risk of personal information infringement.”
JENNIFER KIM
US ASIA JOURNAL
