DJI Vacuum Security Flaw Exposes Thousands of Homes

Sammy Azdoufal (@n0tsa) recently thought it might be fun to see if he could control his new DJI robotic vacuum with his PS5 controller. Within a few hours, he had the ability to both see and hear inside 7,000 DJI vacuum owners' homes, and control the devices with super low latency. Sammy discovered the bug when he was trying to program the vacuum to make crying noises when it reached 30% battery. While reverse engineering the DJI Home app so he could figure out his vacuum's battery status, DJI sent him data on all existing DJI vacuums of that model. Sammy then contacted his friend, who also had a DJI vacuum, and quickly found he could both see and hear his friend through his DJI vacuum, as well as control it. Sammy says DJI hasn't fixed the bug completely, and that being able to see through the vacuums is still possible. Here's his full breakdown of finding the bug: