A developer gained access to thousands of vacuum cleaners, including camera and location data. Meanwhile, the security flaw has been closed, but it also shows how much data the manufacturers have access to.
A software developer actually just wanted to control his vacuum robot with a PS5 controller.
However, instead, Sammy Azdoufal not only gained access to thousands of robots worldwide but also to integrated cameras and microphones. The manufacturer has now closed the security gap. This is reported by the English magazine PCGamer.
Security flaw gives developer access to thousands of robots worldwide
What exactly happened? The developer had purchased a DJI Romo from the vacuum robot manufacturer of the same name. In the next step, he wanted to examine the traffic between his newly purchased vacuum cleaner and the manufacturer’s servers. For this purpose, he used the chatbot Claude.
However, the security token provided granted him access not only to his own device but also to thousands of vacuum robots worldwide. In this way, Azdoufal gained access to numerous data from the vacuum cleaners.
This included information about their cleaning routes, their battery status, and the obstacles they encountered. He could also access their integrated cameras and microphones. Moreover, he was able not only to reconstruct the floor plans of the apartments but also, thanks to the IP address, to determine the approximate location in each household.
Another “security flaw” often comes from passwords. Because many users put in too little effort to protect their data or accounts with secure passwords. Researchers repeatedly show how quickly simple passwords can be cracked: You think your password is secure? A graphic shows you how long hackers take to crack it
