
Software Engineer Discovers Security Flaw Giving Access to 7,000 DJI Robot Vacuums

By Brajeshwar

3mo ago · 6 min read · en · News

Summary

A software engineer accidentally gained access to nearly 7,000 DJI robot vacuums worldwide while attempting to create a remote-control app for his own device. Using an AI coding assistant to reverse-engineer the vacuum's communication with DJI's cloud servers, Sammy Azdoufal discovered that the same credentials that controlled his vacuum also provided access to live camera feeds, microphone audio, maps, and status data from thousands of other devices across 24 countries.

Key quotes

A software engineer's earnest effort to steer his new DJI robot vacuum with a video game controller inadvertently granted him a sneak peek into thousands of people's homes.
He soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries.
Sammy Azdoufal just wanted to steer his DJI Romo with a gaming controller.
While building his own remote-control app, Sammy Azdoufal reportedly used an AI coding assistant to help reverse-engineer how the robot communicated with DJI's remote cloud servers.
