DJI Awards $30K to Man for Accidental Hack of 7,000 Romo Robovacs
A recent incident has put the spotlight on DJI, a leading drone and robotics company, after a man inadvertently hacked into a network of 7,000 DJI Romo robovacs. This happened while he was attempting to control his robot vacuum using a PlayStation gamepad.
Details of the Incident
The individual, Sammy Azdoufal, managed to uncover vulnerabilities that allowed access to the video streams of other people’s homes. Although DJI had initiated some security measures prior to this discovery, questions remained about compensating Azdoufal.
On the positive side, DJI announced it would reward him with $30,000 for his findings. However, the company has not disclosed which specific vulnerability triggered this payment. DJI did confirm it had “rewarded” an unnamed security researcher for their contributions.
Addressing Security Vulnerabilities
DJI has already patched a critical vulnerability that allowed unauthorized viewing of Romo video streams without a security PIN. According to spokesperson Daisy Kong, this issue was resolved by late February. A further overhaul is also underway, as DJI aims to address other vulnerabilities within one month.
- Security PIN vulnerability addressed by late February
- Full system upgrades anticipated within one month
- DJI Romo already holds ETSI, EU, and UL security certifications
DJI’s Commitment to Security
In a recent blog post, DJI reiterated its commitment to strengthening Romo security. The post acknowledged the contributions of Azdoufal and other independent security researchers who identified the same vulnerabilities.
Despite DJI's claims of having resolved the issues, fears about potential security flaws remain. The company has stated it will continually test the Romo and its app and submit them to independent security audits.
Future Collaboration with Researchers
DJI is poised to enhance its engagement with the security research community. It plans to introduce new methods for researchers to partner with the company, demonstrating a proactive approach in fortifying the security of its products.
This incident serves as a reminder of the challenges in tech security and the importance of collaboration between companies and the research community to ensure customer safety and product integrity.