Oops: Man Inadvertently Gains Control Over 7,000 Robot Vacuums With Cameras Inside People’s Homes Using AI


One man exposed a massive security bug in DJI’s robot vacuums and gained access to 7,000 of them worldwide. These robot vacuums have cameras attached to map the physical space they inhabit, and had he been a bad actor, this access into people’s homes could have been catastrophic.

It all started so innocently too: he wanted to control his DJI robot vacuum using a gaming controller.

Man Gains Access To 7,000 Robot Vacuums Worldwide Using AI

This story gained legs last week when it was picked up by The Verge and Popular Science and quickly became a cautionary tale on the risks of rogue AI.

The individual, Sammy Azdoufal, used Claude Code (an AI tool) to build a custom remote-control app so he could control his DJI robot vacuum with a PS5 controller. That would be pretty cool! In fact, it looks pretty awesome in action.

He used Claude Code to dive into DJI’s API, pulling an auth token from DJI’s servers and successfully connecting to his home robot. But this is where things took a scary turn.

DJI’s authentication did not check device ownership, so one authentication token took control over 7,000 robot vacuums worldwide. He had access to these robots with cameras across 24 different countries.
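The gap described above, a valid token with no device-ownership check, shown next to a server-side check that binds each request to the owning account and flags a token that is denied on several devices it does not own. This is an added example, not DJI's code and not part of the original article; the device IDs, token names and alert threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (hypothetical IDs): device -> owning account.
OWNERS = {"vac-001": "alice", "vac-002": "bob", "vac-003": "carol"}
# Constructed token store: token -> authenticated account.
TOKENS = {"tok-alice": "alice"}
FANOUT_LIMIT = 2  # assumed threshold: foreign devices tried before alerting


def authorize_auth_only(token, device_id):
    """Flawed pattern: the token is valid, so any known device is reachable."""
    return token in TOKENS and device_id in OWNERS


class OwnershipGate:
    """Authorize per device and record cross-owner attempts for detection."""

    def __init__(self, owners, tokens, fanout_limit=FANOUT_LIMIT):
        self.owners = owners
        self.tokens = tokens
        self.limit = fanout_limit
        self.denied = defaultdict(set)  # token -> foreign devices it asked for

    def authorize(self, token, device_id):
        account = self.tokens.get(token)
        if account is None:
            return False  # not authenticated at all
        if self.owners.get(device_id) == account:
            return True  # authenticated and owner of this device
        self.denied[token].add(device_id)  # authenticated, but not the owner
        return False

    def flagged_tokens(self):
        """Tokens denied on at least `limit` distinct devices they do not own."""
        return sorted(t for t, devs in self.denied.items()
                      if len(devs) >= self.limit)


def reachable(check, token, device_ids):
    """Devices a token can reach under a given authorization check."""
    return sorted(d for d in device_ids if check(token, d))


if __name__ == "__main__":
    gate = OwnershipGate(OWNERS, TOKENS)
    print("auth only:  ", reachable(authorize_auth_only, "tok-alice", OWNERS))
    print("with owner: ", reachable(gate.authorize, "tok-alice", OWNERS))
    print("flagged:    ", gate.flagged_tokens())
```
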

Criminal Mastermind? Nope. Good Samaritan

Realizing what was happening, he quickly reported the security bug to DJI, which patched it within two days.

Mind you, these robot vacuums cost around $2,000 at retail. They are sophisticated pieces of technology. And the owners across the globe almost certainly never imagined an accidental hacker would gain access to the cameras and microphones on their devices simply by wanting to control his own with a gaming controller.

Following the fix, DJI released a statement to PopSci saying “DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates, with an initial patch deployed on February 8 and a follow-up update completed on February 10. The fix was deployed automatically, and no user action is required.”

According to the report in The Verge, Azdoufal’s laptop cataloged 7,000 devices in 24 countries and gathered 100,000+ messages in just 9 minutes. Again, all by simply firing up Claude Code, an AI tool which we all have access to, and directing it to help him control his DJI robot vacuum using a gaming controller.

If he can do that with Claude then it is legitimately terrifying to think what true bad actors might be capable of.

Cass Anderson is the Editor-in-Chief of BroBible and a graduate from Florida State University with nearly two decades of expertise in writing about Professional Sports, Fishing, Outdoors, Memes, Bourbon, Offbeat and Weird News, and as a native Floridian he shares his unique perspective on Florida News. You can reach Cass at cass@brobible.com