
DJI insists that it had already started fixing several weaknesses in its backend systems before Azdoufal demonstrated the scale of access he had uncovered, yet questions remain about the reward and patching. According to an email he shared with The Verge, DJI agreed to pay him $30,000 for one of his discoveries, though the company did not clarify which specific discovery is eligible for the reward. DJI confirmed that it had compensated an unnamed researcher, according to The Verge. Yet the company's past dispute with researcher Kevin Finisterre in 2017 makes it unclear whether Azdoufal would be rewarded at all and how quickly the DJI backend holes will be patched.
It all started earlier this year, when Sammy Azdoufal wanted to control his robotic hoover with something more convenient than a smartphone screen. To control his DJI Romo using his PS5 gamepad, Azdoufal had to develop a custom controller app that used his security token to prove to his vacuum cleaner that he was the owner of the device. To extract that token, he needed to work with DJI's cloud servers to reverse-engineer the authorization process, which he successfully did with the assistance of an AI coding tool. As it turned out, instead of authorizing access to a single robot, DJI's backend granted broad access rights to some 7,000 robot vacuum cleaners located in 24 countries, along with their sensors and data stored in the cloud.