
DJI insists that it had already started fixing several weaknesses in its backend systems before Azdoufal demonstrated the scale of access he had uncovered, yet questions remain about the reward and patching. According to an email he shared with The Verge, DJI agreed to pay him $30,000 for one of his discoveries, though the company did not clarify which specific discovery is eligible for the reward. DJI confirmed that it had compensated an unnamed researcher, according to The Verge. Yet, the company's past dispute with researcher Kevin Finisterre in 2017 makes it unclear whether Azdoufal would be rewarded at all and how quickly the DJI backend holes will be patched.
It all started earlier this year, when Sammy Azdoufal wanted to control his robotic hoover with something more convenient than a smartphone screen. To control his DJI Romo using his PS5 gamepad, Azdoufal had to develop a custom controller app that used his security token to prove to his vacuum cleaner that he was the owner of the device. To extract that token, he needed to work with DJI's cloud servers to reverse-engineer the authorization process, which he successfully did with the assistance of an AI coding tool. As it turned out, instead of verifying a single robot, DJI's backend granted broad access rights to some 7,000 robot vacuum cleaners located in 24 countries, along with their sensors and data stored in the cloud.