\n<\/p>\n
A Spanish software engineer reportedly contacted a New York-based tech outlet recently to reveal he had remotely taken control of about 7,000 vacuum cleaners worldwide, in the process shedding light on a broad vulnerability with smart products, according to a cybersecurity expert.<\/p>\n
The Verge reported that the situation came to light when Sammy Azdoufal was trying to reverse-engineer his new DJI Romo vacuum so that he could control it with his Playstation 5 gamepad.<\/p>\n
Azdoufal soon discovered that when his self-styled remote control app started communicating with DJI\u2019s servers, \u201cit wasn\u2019t just one vacuum cleaner that replied. Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss.\u201d<\/p>\n
Azdoufal found that he could look and listen through the vacuums\u2019 live camera feeds and collected more than 100,000 messages from the devices. He could also use any robot\u2019s internet protocol \u2013 or IP \u2013 address to determine its approximate location.<\/p>\n
Azdoufal reportedly said he was not trying to hack into other devices. And, in fact, he contacted the Verge to inform the publication of the vulnerability.<\/p>\n
DJI reported \u2013 and others confirmed \u2013 that it had since solved the problem.<\/p>\n
But Azdoufal, who is listed as the head of artificial intelligence at a property management and travel group in Spain, is not alone in discovering such a flaw among smart products. Other similar episodes illustrate that for some manufacturers of such products, \u201csecurity is a bit of an afterthought\u201d, said Alan Woodward, a professor of computer science at England\u2019s University of Surrey.<\/p>\n
\u201cThere is this idea that you move fast and break things, and you have got to innovate to be in the market, to be the cheapest, to have new features,\u201d Woodward said in an interview on Tuesday. \u201cBut the trouble is, the lesson was learned very early on in software development, that if you do that, you will end up with security vulnerabilities.\u201d<\/p>\n
The smart device industry has grown significantly in recent years. And the smart home market is projected to hit $139bn by 2032, the research firm MarketsandMarkets reports.<\/p>\n
While people purchase such devices to make their lives easier, hackers have paradoxically also had an easier time invading people\u2019s privacy. In addition to the vacuums, hackers have been able to control lighting systems, locks, security cameras, a baby monitor and a heating system, according to a study in the Journal of Information Security and Applications.<\/p>\n
In the case of the vacuums, Azdoufal could gain control of them because the credentials for his device allowed him to access the others.<\/p>\n
Companies can avoid this issue by forcing consumers to establish their own passwords before using a product for the first time, Woodward said.<\/p>\n
Manufacturers also need to ensure that people designing, building and writing software are \u201cfully aware of how security can be compromised\u201d, Woodward said. \u201cIt\u2019s not just somebody writing one element of the software.<\/p>\n
\u201cIt\u2019s \u2018How does the software on, in this case, the vacuum cleaner, interact with the server, interact with your phone?\u2019\u201d<\/p>\n
Consumers should also consider whether the potential benefits of a smart device outweigh the privacy risks, Woodward said.<\/p>\n
\u201cJust because you can doesn\u2019t mean you should,\u201d he said.<\/p>\n
DJI thanked Azdoufal on X for reporting the vulnerability.<\/p>\n
\u201cYour responsible feedback is extremely valuable to us,\u201d the company stated.<\/p>\n
In a misspelled post, Azdoufal also announced on the platform: \u201cYou can officially call me \u2018the vaccum guy\u2019 you can\u2019t imagine how many free vaccum people offering me. Damn.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
A Spanish software engineer reportedly contacted a New York-based tech outlet recently to reveal he had remotely taken control of about 7,000 vacuum cleaners worldwide, in the process shedding light on a broad vulnerability with smart products, according to a cybersecurity expert. The Verge reported that the situation came to light when Sammy Azdoufal was<\/p>\n","protected":false},"author":1,"featured_media":45254,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[97,5787,18939,11102,11454,4000,646,714,656,10264],"class_list":{"0":"post-45253","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-control","9":"tag-devices","10":"tag-engineer","11":"tag-flaw","12":"tag-gaining","13":"tag-reports","14":"tag-smart","15":"tag-spain","16":"tag-spanish","17":"tag-vacuums"},"_links":{"self":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/45253","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45253"}],"version-history":[{"count":0,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/45253\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/media\/45254"}],"wp:attachment":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}