New Delhi: According to some reports, a flaw in DJI’s Romo robot vacuum enabled remote access to thousands of devices around the world. The flaw was discovered when a developer was trying to control his vacuum using a PS5 controller.
When his homemade application connected to DJI’s servers, it didn’t just communicate with his own device. Around 7,000 vacuums in different countries responded. Rather than accessing only one machine, the application was reportedly able to remotely control many of them across those countries.
The problem was not due to broken encryption; rather, the company’s servers did not properly restrict access. DJI has now fixed the issue on its side; however, the incident has raised concerns about the safety and privacy of smart home devices.
The vulnerability was linked to how DJI’s Romo vacuums communicate with the company’s servers using a protocol called MQTT. MQTT is a lightweight communication protocol that is commonly used in Internet of Things (IoT) devices. These IoT devices include smart home products that connect to the internet, such as robot vacuums, security cameras, and smart speakers.
MQTT generally works by sending messages via a central server, called a broker. Devices subscribe to specific channels, known as topics, to send and receive data. Each device should only be able to access its own topic. DJI’s system did not properly restrict topic access after authentication.
This recent incident shows that even a well-known brand can have security gaps in its connected devices. While encryption protects data in transit, strong access control rules are equally important. When smart devices include cameras, microphones, and mapping tools inside private homes, weak server permissions can potentially expose sensitive personal information.
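The topic restriction described above can be expressed as a broker-side check that a client's requested topic filter stays inside that client's own subtree. The following is an added example, not DJI's code or part of the original report; the `devices/<serial>/...` topic layout, the serial numbers and the function names are assumptions made for illustration.

```python
# Added illustration: broker-side topic authorization scoped per device.
# The topic layout "devices/<serial>/..." and all serials are hypothetical.

def allowed_scope(serial):
    """The only subtree a device's credentials may publish or subscribe to."""
    if not serial or any(c in serial for c in "/+#"):
        raise ValueError("serial must be a single literal topic level")
    return ["devices", serial, "#"]

def filter_within(requested, allowed):
    """True if every topic matched by `requested` is also matched by `allowed`.

    Both are lists of MQTT topic levels: '+' matches exactly one level,
    '#' matches the parent level and everything below it.
    """
    for i, a in enumerate(allowed):
        if a == "#":
            return True            # allowed scope covers the rest
        if i >= len(requested):
            return False           # requested stops above the allowed scope
        r = requested[i]
        if r == "#":
            return False           # requested wildcard is wider than allowed
        if a != "+" and r != a:
            return False           # different literal, or '+' against a literal
    return len(requested) == len(allowed)

def authorize_weak(serial, authenticated, topic_filter):
    # Failure class described in the article: authentication is the only gate.
    return authenticated

def authorize_scoped(serial, authenticated, topic_filter):
    # Authentication plus a containment check against the client's own subtree.
    if not authenticated:
        return False
    return filter_within(topic_filter.split("/"), allowed_scope(serial))

# Constructed subscription requests from one authenticated client, SN-0001.
REQUESTS = ["devices/SN-0001/status", "devices/SN-0001/#",
            "devices/SN-0002/map", "devices/+/camera", "#"]

def audit(serial, requests):
    """Return (filter, weak_decision, scoped_decision) for each request."""
    return [(t, authorize_weak(serial, True, t), authorize_scoped(serial, True, t))
            for t in requests]

if __name__ == "__main__":
    for row in audit("SN-0001", REQUESTS):
        print(row)
```

The containment check matters because a subscription filter can itself contain wildcards, so comparing the requested filter to an allowed pattern as if it were a plain topic name is not enough.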