
DJI Pays $30K for Romo Robot Hack

📰Read original on The Verge

💡 Gamepad hack exposed 7K robot vacs—critical security lesson for embodied AI devs.

⚡ 30-Second TL;DR

What Changed

Sammy Azdoufal accidentally accessed 7,000 DJI Romo robots via a PlayStation gamepad.

Why It Matters

Highlights the need to secure robot fleets against unintended network access and shows how bug bounties reward ethical hacking. May prompt DJI users to update firmware promptly.

What To Do Next

Scan your robot IoT fleet for open remote control endpoints using tools like Shodan.

Who should care: Developers & AI Engineers

🧠 Deep Insight

Web-grounded analysis with 4 cited sources.

🔑 Enhanced Key Takeaways

  • Azdoufal used Anthropic’s Claude Code AI to reverse-engineer the DJI Romo’s communication protocol without bypassing encryption or hacking DJI systems.[1][2][3]
  • The vulnerability stemmed from DJI’s MQTT message broker lacking topic-level access controls: a client that authenticated with a single device’s token could read other devices’ data in plaintext.[3]
  • DJI’s Power portable battery stations, sharing the same MQTT infrastructure, were also accessible through the flaw.[3]
  • DJI initially claimed the flaw was fixed a week prior, but Azdoufal demonstrated thousands of robots still vulnerable during a live demo with a journalist.[3]

🛠️ Technical Deep Dive

  • DJI Romo communicates with DJI’s servers over the MQTT protocol without topic-level access controls, and device data (floor plans, live video, microphone input) is stored in plaintext.[1][3]
  • Authenticating with a single device's private token granted access to traffic from ~7,000 vacuums and Power battery stations across 24 countries.[2][3]
  • TLS protected the connections in transit but not the stored data; remaining issues include a PIN bypass for camera streams.[1][3]
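The broker flaw described above comes down to one missing check: once a client has authenticated, the broker must still confine its subscriptions to that client's own topics, including when the subscription filter carries MQTT wildcards. The following is an added example, not DJI's code or the code of any broker DJI uses; the token table, device ids and topic layout (`devices/<device-id>/...`) are constructed for illustration. It models both the flawed policy (authentication alone grants any subscription) and a per-device policy that closes the gap.

```python
# Added example (not DJI's code or the broker DJI uses): a minimal model of
# topic-level authorization for an MQTT broker, contrasting the flaw the page
# describes (any authenticated client may subscribe to any device's topics)
# with the per-device ACL that closes it. Token values, device ids and topic
# names below are constructed for this example.

# Constructed credential table: per-device token -> device id.
DEVICE_TOKENS = {
    "tok-romo-0001": "romo-0001",
    "tok-romo-0002": "romo-0002",
    "tok-power-0009": "power-0009",  # a Power battery station on the same broker
}

# Constructed sample of topics that devices publish to (hypothetical layout).
PUBLISHED_TOPICS = [
    "devices/romo-0001/video",
    "devices/romo-0001/floorplan",
    "devices/romo-0002/floorplan",
    "devices/power-0009/telemetry",
]


def authenticate(token):
    """Return the device id bound to a token, or None if the token is unknown."""
    return DEVICE_TOKENS.get(token)


def topic_matches(topic_filter, topic):
    """MQTT topic matching: '+' matches one level, '#' matches the remainder."""
    f_segs = topic_filter.split("/")
    t_segs = topic.split("/")
    for i, seg in enumerate(f_segs):
        if seg == "#":
            return True
        if i >= len(t_segs) or (seg != "+" and seg != t_segs[i]):
            return False
    return len(f_segs) == len(t_segs)


def authorize_subscribe_weak(device_id, topic_filter):
    """The flawed policy: a valid token grants any subscription whatsoever."""
    return device_id is not None


def authorize_subscribe(device_id, topic_filter):
    """Hardened policy: the filter must be rooted at the caller's own namespace.

    Only literal segments are accepted for 'devices' and the device id, so a
    wildcard in those positions ('#', 'devices/#', 'devices/+/video') can
    never match another device's topics.
    """
    if device_id is None:
        return False
    segs = topic_filter.split("/")
    return len(segs) >= 2 and segs[0] == "devices" and segs[1] == device_id


def deliverable_topics(policy, token, topic_filter, published=PUBLISHED_TOPICS):
    """Topics a subscriber would actually receive under `policy` (broker's view)."""
    device_id = authenticate(token)
    if not policy(device_id, topic_filter):
        return []  # subscription refused (SUBACK failure code)
    return [t for t in published if topic_matches(topic_filter, t)]


if __name__ == "__main__":
    for policy in (authorize_subscribe_weak, authorize_subscribe):
        got = deliverable_topics(policy, "tok-romo-0001", "devices/#")
        print(f"{policy.__name__}: subscribe 'devices/#' -> {got}")
```

Under the weak policy, one vacuum's token plus a `devices/#` subscription yields every device's topics, which is the fleet-wide exposure the article describes; under the hardened policy the same request is refused, and only `devices/romo-0001/...` filters are honoured. On a real broker the equivalent control is a per-client ACL keyed on the authenticated identity (for example Mosquitto's `pattern` ACL lines with `%u` or `%c` substitution), and the check belongs on publish as well as subscribe.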

🔮 Future Implications

AI analysis grounded in cited sources.

DJI will face increased regulatory scrutiny on IoT security
Repeated smart vacuum vulnerabilities, including prior iLife A11 remote disablement, highlight patterns prompting authorities to enforce stricter cloud data controls.[1]
AI coding tools will accelerate vulnerability discovery in consumer devices
Azdoufal's use of Claude Code enabled rapid reverse-engineering by non-experts, amplifying risks as similar tools proliferate.[2][4]
Automatic server-side patches will become standard for robot vacuums
DJI deployed fixes on February 8 and 10 without user action, setting a precedent amid growing smart home adoption.[3][4]

Timeline

2026-01
DJI identifies Romo vulnerability internally and begins remediation.
2026-02-08
DJI deploys initial server-side patch for MQTT access control flaw.
2026-02-10
DJI releases follow-up update addressing remaining issues automatically.
2026-02
Azdoufal discloses vulnerability to The Verge around Valentine's Day.
2026-03-07
DJI announces $30K bounty payment to Azdoufal for the Romo hack report.

AI-curated news aggregator. All content rights belong to original publishers.
Original source: The Verge