A small, innocuous, personal DIY project turned into a global security alert. Sammy Azdoufal, an engineer, just wanted to control his DJI Romo robot vacuum cleaner with his console controller. Why not? So he developed an app and used an artificial intelligence (AI)-based coding assistant to better understand the communication between the device and the manufacturer's cloud.
However, the experiment quickly got out of hand. The credentials generated to access his own device gave him control of thousands of vacuum cleaners in living rooms around the world. According to him, nearly 7,000 devices spread across twenty-four countries became accessible: live video feeds, microphones, house plans and activity data. Sammy Azdoufal could retrieve everything and could therefore spy on his victims at will.
According to Popular Science, rather than exploiting this flaw for criminal (or voyeuristic) purposes, the developer chose to report the problem. He therefore passed his findings to the specialist outlet The Verge, which contacted DJI directly. The company claims to have corrected the flaw with two updates made at the beginning of February, without requiring any action on the customer side. In a statement, DJI claims to “have identified the vulnerability during an internal review and initiated fixes immediately”.
The home as an attack surface
This is not the first problem of this kind linked to connected objects, and it will certainly not be the last. Autonomous vacuum cleaners, voice assistants and doorbell cameras all constantly collect audiovisual data. Cleaning robots have a particular feature: they build a precise map of your home, which is very useful for potential burglars. Part of this information is generally stored in the manufacturer's cloud, which increases the risk of leaks.
The DJI Romo, recently marketed at the low price of 1,300 euros, is the perfect example of this new generation of highly autonomous domestic robots. Thanks to its sensors, it is able to recreate a precise map of your home, a capability that has worried cybersecurity experts for several years.
The more smart devices multiply, the more they become targets for hackers. The arrival of AI capable of helping to analyze code could also facilitate the discovery and exploitation of flaws in these devices.
In the United States, several politicians are pointing out the risks linked to foreign technology manufacturers, fearing that they will open the homes of their fellow citizens to espionage activities. Although no concrete evidence supports these suspicions for the moment, the question of data must be placed at the heart of the debate.