DJI will pay Sammy Azdoufal $30,000 after he accidentally exposed a network of 7,000 remotely accessible Romo robot vacuums, each capable of streaming live camera feeds into strangers' homes.
The discovery started with Azdoufal trying to control his own Romo with a PlayStation gamepad. What he found instead was an unsecured MQTT network giving him eyes inside thousands of other users' residences. DJI had begun patching some vulnerabilities before Azdoufal brought the full scope to The Verge, but the timeline for a complete fix remained unclear.
The payout matters beyond the dollar amount. DJI has a documented history of punishing researchers rather than rewarding them, most notably with security researcher Kevin Finisterre in 2017. Whether this $30K signals a genuine policy shift or a one-off response to public pressure is the question the full story is positioned to answer.
[READ ORIGINAL →]