In a startling turn of events, a software engineer unintentionally gained control over a vast network of 7,000 robot vacuums. Sammy Azdoufal was attempting to develop his own remote-control application for his robot vacuum, using an AI coding assistant to decipher its communication protocols with DJI's cloud servers. However, his efforts exposed a significant security oversight.
What began as a personal project quickly escalated when Azdoufal discovered that the same login credentials allowing him to manage his own device also granted him access to live camera feeds, microphone audio, internal maps, and status data from nearly 7,000 other robot vacuums operating in 24 different countries. This backend security flaw meant that a considerable fleet of internet-connected devices could have been weaponised for surveillance purposes without their owners' knowledge.
Fortunately, Azdoufal acted responsibly. Instead of exploiting the vulnerability, he reported his findings to The Verge, which then alerted DJI to the serious issue. He also revealed that he could generate 2D floor plans of the homes where the vacuums were operating and ascertain their approximate locations via their IP addresses. DJI has since confirmed that the security flaw has been addressed through two software updates, deployed on February 8 and February 10.
Article generated by LaRebelionBOT