The Western Journal

‘Maybe It Wasn’t a Bug…’ Internet Weighs In on Man Who Discovered He Could Access 7,000 Robotic Vacuums

An episode involving Sammy Azdoufal, a Spanish software engineer, exposes a serious security flaw in DJI’s Romo robot vacuums. After connecting a Romo to a PlayStation 5 controller, he found that his own remote-control setup could trigger thousands of vacuums worldwide and allow him to drive them, monitor their audio and video, and map homes. In about nine minutes, his laptop cataloged roughly 6,700 DJI devices across 24 countries and collected over 100,000 messages; when including DJI Power portable stations, the total surpassed 10,000 devices. He did not hack DJI’s servers; he accessed his own data and, inadvertently, data from thousands of other customers. Following demonstrations reported by tech journalist Sean Hollister for The Verge, DJI fixed the vulnerabilities within two days. The story went viral, sparking social media commentary-ranging from jokes to skepticism about the patch speed and broader IoT security concerns, including controversial remarks about monitoring by Chinese entities. DJI reportedly planned to reward Azdoufal about $30,000 for discovering the flaw, and he ended up with a highly controllable, high-end vacuum, leading to a “clean sweep” in publicity and reward.


What would you do if you had a global army of robot vacuums at your command?

There are probably plenty of people whose first thought would be to cook up some sort of mischief, harmless or otherwise.

But when it actually happened to Sammy Azdoufal, a Spanish software engineer, he ultimately decided to… report the issue to the vacuum manufacturer.

But not before contacting tech expert Sean Hollister at The Verge to demonstrate the startling vulnerability.

It all started when Azdoufal had the bright idea to connect his DJI Romo robot vacuum to a PlayStation 5 game controller.

“But when his homegrown remote control app started talking to DJI’s servers, it wasn’t just one vacuum cleaner that replied,” Hollister reported. “Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss.”

Azdoufal found he could control other vacuums, monitor their audio and video, and watch them map out houses.

When he demonstrated his extraordinary level of access, Hollister wrote, “I couldn’t believe my eyes.”

“I watched each of these robots slowly pop into existence on a map of the world. Nine minutes after we began, Azdoufal’s laptop had already cataloged 6,700 DJI devices across 24 different countries and collected over 100,000 of their messages,” he continued.

“If you add the company’s DJI Power portable power stations, which also phone home to these same servers, Azdoufal had access to over 10,000 devices.”

Azdoufal told Hollister he hadn’t hacked into the company’s servers or do anything else illegal.

He just accessed his own data on the company’s servers, and they provided him access to thousands of other customers’ data, too.

Days after Azdoufal and Hollister notified the company about the vulnerabilities, DJI had corrected them.

News outlets across the globe picked up on Hollister’s story in The Verge, and the story went viral.

Another tech expert, Mark Gadala-Maria, garnered millions of views with a post about it on social media platform X. He called the story “insane” — and not only because Azdoufal’s high-tech vacuum retails for somewhere around $2,000.

That post drew plenty of comments from readers, who had some thoughts on the situation.

“I was wondering why the vacuum kept following my [girlfriend] to the shower,” one joked.

Another professed to be a “bit disappointed he did not even attempt a minor coup with 7,000 vacuums.”

More than one was skeptical about how quickly the company plugged the “leak.”

“The funniest part is ‘DJI fixes it in two days,’” one observed. “They had the ability to fix it that fast the whole time. They just never bothered until someone publicly embarrassed them.”

“The real story here is how many other [Internet of Things] devices have this exact same flaw but haven’t had a curious engineer with an Xbox controller stumble upon it yet,” another remarked.

“Maybe it wasn’t a bug … Maybe it was a feature,” one observed. “Maybe lots of Chinese electronics have this feature.”

Gadala-Maria confirmed that theory in a response to a similar post: “if you have a Chinese device in your home with a camera you can safely assume it’s being monitored by CCP,” he wrote.

Aside from those rather troubling observations, it looks like a happy ending all around for Azdoufal.

Not only does he now have a robot vacuum (or a “stupidly expensive floor cleaner,” as Gadala-Maria called it) that he can control with his PS5, the Times of India recently quoted DJI as saying it plans to pay him a $30,000 reward for discovering the security flaw.

You might even say he “cleaned up” on the deal.




Advertise with The Western Journal and reach millions of highly engaged readers, while supporting our work. Advertise Today.



" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
*As an Amazon Associate I earn from qualifying purchases

Related Articles

Back to top button
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker