Security Vulnerability Found in DJI Robot Vacuum Cleaner
Ability to Control Vacuums in Dozens of Countries at Once
A Spanish engineer has revealed that he discovered a critical security vulnerability in a robot vacuum cleaner made by Chinese drone company Dajiang Innovations (DJI).
U.S. IT media outlet The Verge released an interview with software engineer Sami Azdufal, who lives in Spain. Azdufal owns Dajiang Innovations' Romo robot vacuum cleaner, and is said to have accidentally found a fatal loophole while playing around with Romo.
Azdufal attempted to reverse-engineer the device so he could control Romo directly with a gamepad. However, when his self-developed remote control application (app) communicated with Dajiang Innovations' server, a large number of robot vacuum cleaners responded all at once. He explained the situation at the time by saying, "It was not the single vacuum cleaner I own, but about 7,000 vacuum cleaners operating in 24 countries that started to follow me."
The more serious issue was security. Azdufal was able to access 100,000 messages collected by the vacuum cleaners, and could watch live video and listen to audio through the cameras installed on them. In other words, he was able to identify the locations and private lives of consumers who owned Romo vacuum cleaners.
In fact, when a reporter from The Verge read out the serial number of the Dajiang Innovations robot vacuum cleaner used at home for testing, Azdufal was able to determine the vacuum's remaining battery level, the floor plan of the house, and even its current location.
Azdufal said, "I was not trying to hack the device on purpose," but stressed, "I contacted The Verge to raise awareness of the security vulnerability." He added, "This case is both a warning and a concern that smart home devices and robots can become targets for hackers, and perhaps may already have been hacked."
After the incident was reported, Dajiang Innovations stated that "the problem has been resolved." However, Azdufal pointed out that some vulnerabilities still remain and that security concerns have not been completely eliminated.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
