Unsecured Robot Vacuums Expose Global Network of Homes to Remote Access

A startling security lapse in DJI’s Romo robot vacuum cleaner has revealed a profound vulnerability, allowing an independent researcher to gain unauthorized remote control over thousands of devices worldwide. This breach not only highlights significant deficiencies in the product’s security architecture but also raises critical questions about the privacy and safety of connected home devices and the data they collect.

Sammy Azdoufal, a tech enthusiast with no prior background in professional cybersecurity, stumbled upon this alarming flaw while attempting to connect his new DJI Romo robot vacuum to a PlayStation 5 gamepad for an experimental remote control experience. His endeavor, driven by curiosity and a desire for a novel interaction with his smart home device, unexpectedly connected him to DJI’s server infrastructure. To his astonishment, instead of a single device responding, approximately 7,000 DJI Romo units, distributed across 24 countries, began to acknowledge his commands. This uncontrolled access provided him with the ability to remotely operate the vacuums, view their live camera feeds, and even generate detailed 2D floor plans of the homes they were operating within.

The extent of Azdoufal’s access was demonstrated in real-time, revealing a staggering volume of data transmission. Each of the affected robots was observed to be sending MQTT data packets every three seconds, broadcasting critical information such as their unique serial numbers, the specific rooms they were cleaning, visual data captured by their onboard cameras, distance traveled, charging status, and details of any obstacles encountered. Within a mere nine minutes of initiating his scan, Azdoufal’s system had cataloged over 6,700 DJI devices, accumulating more than 100,000 individual messages. When considering DJI’s Power portable power stations, which also communicate with the same servers, the total number of accessible devices surged to over 10,000.

The DJI Romo robovac had security so poor, this man remotely accessed thousands of them

The implications of such an intrusion are far-reaching. The ability to remotely control a device equipped with a camera and microphone within a private residence presents a severe privacy risk. Azdoufal demonstrated this by accessing a colleague’s DJI Romo, using only its serial number, to confirm its cleaning status and battery life. He then proceeded to generate an accurate floor plan of the colleague’s home, showcasing the potential for reconnaissance without any explicit user consent or authorization beyond possessing a device’s unique identifier. Furthermore, Azdoufal reported being able to bypass security PINs and view live video feeds from DJI Romo units, even demonstrating this capability on his own device.

Azdoufal claims his exploit did not involve malicious hacking techniques such as brute-forcing or cracking. Instead, he reportedly extracted his own DJI Romo’s private token – the digital key meant to authenticate access to his personal data. It appears this token was subsequently accepted by DJI’s servers for numerous other devices, effectively granting him broad access to their operational data and functionalities. His analysis indicated that he could connect to DJI’s pre-production servers, as well as the live servers catering to the US, China, and the European Union, suggesting a systemic issue within DJI’s network infrastructure.

While Azdoufal was not able to directly manipulate the specific DJI Romo unit belonging to a colleague for whom a live demonstration was arranged (due to DJI’s subsequent actions), the initial ease with which he gained access is deeply concerning. The company has since acknowledged the vulnerability, citing a "backend permission validation issue" affecting the MQTT communication protocol between devices and servers. This issue theoretically allowed for unauthorized access to live video feeds from Romo devices.

DJI’s official statement indicated that the vulnerability was identified in late January and that remediation efforts were initiated immediately. They claim two updates were deployed, on February 8 and February 10, to address the issue. The company stated that the fix was applied automatically and that no user action was required. However, the timeline provided by DJI appears to conflict with the events as described. Azdoufal’s demonstration to The Verge, showcasing thousands of accessible devices, occurred on Tuesday, February 11th, significantly after DJI claimed the initial patch was deployed. This suggests that the initial remediation was either incomplete or ineffective across all service nodes. DJI’s statement now admits that the second patch was required to fully re-enable and restart the remaining service nodes, indicating a phased and potentially protracted resolution.

The company asserts that "actual occurrences were extremely rare" and that nearly all identified activity was linked to security researchers testing their own devices. While this might be partially true, the ease with which Azdoufal discovered the vulnerability and the sheer number of devices accessible points to a fundamental flaw rather than isolated incidents. The fact that the vulnerability was only fully resolved after external disclosure and confirmation raises questions about DJI’s internal security auditing and incident response processes.

Moreover, the technical details of the exploit underscore broader security concerns. Azdoufal explained that once authenticated as a client on the MQTT broker, the absence of topic-level access controls (ACLs) allowed him to subscribe to wildcard topics, effectively granting him access to all messages from all devices. He emphasized that TLS encryption protects data in transit but does nothing to stop an authenticated client from reading the plaintext at the application layer once the broker delivers it. In other words, encrypting the connection was not the missing control: without per-client topic authorization on the broker, any one valid device credential could read every device's messages.
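As an added illustration (not DJI's code), the following Python models the two broker-side checks the article describes as missing: binding a token to one device serial, and refusing subscription filters that reach outside that device's own topic prefix. The `devices/<serial>/...` topic layout, the HMAC secret and the serials are all constructed assumptions for this example.

```python
# Added example, not DJI's implementation. Models a broker-side
# authorization check for a per-device MQTT token. Constructed values only.
import hmac
import hashlib

SECRET = b"constructed-server-side-secret"  # assumption: broker's HMAC key


def issue_token(serial: str) -> str:
    """Token bound to exactly one device serial (serial + HMAC tag)."""
    tag = hmac.new(SECRET, serial.encode(), hashlib.sha256).hexdigest()
    return f"{serial}.{tag}"


def device_for_token(token: str):
    """Return the serial a token was issued for, or None if it is forged."""
    serial, _, _tag = token.rpartition(".")
    if not serial or not hmac.compare_digest(issue_token(serial), token):
        return None
    return serial


def authorize_subscribe_weak(token: str, topic_filter: str) -> bool:
    """The flawed pattern: any valid token may subscribe to any filter,
    so 'devices/+/telemetry' or '#' yields every device's messages."""
    return device_for_token(token) is not None


def authorize_subscribe(token: str, topic_filter: str) -> bool:
    """Hardened check: the filter must be literal in its first two levels
    and name the device the token is bound to, so '+' or '#' cannot be
    used to match other devices' topics. Wildcards are allowed only
    below the device's own prefix (e.g. 'devices/SN001/#')."""
    serial = device_for_token(token)
    if serial is None:
        return False
    levels = topic_filter.split("/")
    if len(levels) < 2 or levels[0] != "devices" or levels[1] != serial:
        return False
    if "#" in levels[:-1]:  # MQTT permits '#' only as the final level
        return False
    return True
```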

This incident is not an isolated event in the realm of smart home security. The consumer electronics market has repeatedly grappled with significant security vulnerabilities in connected devices. In recent years, other robot vacuum manufacturers have faced similar issues. Hackers have compromised Ecovacs robot vacuums, enabling them to chase pets and broadcast offensive language. Reports have also emerged of flaws in Dreame, Ecovacs, and Narwal robot vacuums that could allow unauthorized access to camera feeds and stored photos. This pattern of insecurity suggests a pervasive challenge for manufacturers in adequately securing Internet of Things (IoT) devices that often contain cameras, microphones, and sensitive user data.

The presence of microphones in devices designed for cleaning private residences, such as robot vacuums, is also a point of contention. Azdoufal himself expressed bewilderment at the inclusion of a microphone on a vacuum cleaner, highlighting a potential overreach in data collection capabilities for devices primarily intended for domestic chores. The debate over whether such devices should be equipped with microphones, and how that audio data is handled and secured, is likely to intensify as the IoT ecosystem expands.

DJI’s response, while eventually more transparent, was initially reactive and arguably misleading. The company’s initial statement to The Verge suggested the issue had been resolved prior to public disclosure, a claim contradicted by Azdoufal’s live demonstration. This lack of full transparency, even when addressing a critical vulnerability, can erode consumer trust. While DJI has since provided a more comprehensive statement acknowledging the "backend permission validation issue" and the need for a second patch, the incident underscores the importance of proactive security measures and full, honest disclosure when vulnerabilities are identified.

The broader implications extend to consumer trust in smart home technology and the regulatory landscape surrounding data privacy. Incidents like this can fuel existing concerns about the security practices of companies, particularly those with international operations. The fact that Azdoufal could so readily access devices across different geographical regions, including those outside of China, raises questions about data localization and access by employees regardless of their physical location. As security researcher Kevin Finisterre pointed out, a server’s location in the US does not inherently prevent employees in other regions from accessing the data stored within.

Azdoufal’s decision to publicly disclose his findings, even before what might be considered a standard disclosure timeline for security researchers, stems from a conviction that the issues needed urgent resolution. He argues that adhering strictly to bug bounty programs, which often involve monetary incentives, might not always prioritize rapid remediation for the broader user base. His motivation, he states, was not financial gain but a desire to see the vulnerability fixed. This perspective highlights a tension between established security disclosure protocols and the urgent need to protect consumers from immediate threats.

Looking ahead, this incident serves as a critical case study for both manufacturers and consumers. For DJI, it necessitates a thorough review of their entire IoT security framework, from initial design and development to ongoing maintenance and incident response. This includes implementing robust access controls, ensuring comprehensive end-to-end encryption, and conducting rigorous penetration testing. For consumers, it underscores the importance of researching a product’s security track record, understanding the data its devices collect, and being aware of the potential privacy implications of an increasingly connected home. The future of smart home technology hinges on manufacturers prioritizing security and privacy with the same rigor they apply to functionality and user experience. The continued evolution of AI and connected devices demands a corresponding evolution in our approach to safeguarding digital privacy.
