"A software engineer’s earnest effort to steer his new DJI robot vacuum with a video game controller inadvertently granted him a sneak peek into thousands of people’s homes.

While building his own remote-control app, Sammy Azdoufal reportedly used an AI coding assistant to help reverse-engineer how the robot communicated with DJI’s remote cloud servers. But he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries. The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing.

Luckily, Azdoufal chose not to exploit that. Instead, he shared his findings with The Verge, which quickly contacted DJI to report the flaw. While DJI tells Popular Science the issue has been “resolved,” the dramatic episode underscores warnings from cybersecurity experts who have long warned that internet-connected robots and other smart home devices present attractive targets for hackers."

https://www.popsci.com/technology/robot-vacuum-army/

#AI #IoT #CyberSecurity #DJII #RobotVaccum

Man accidentally gains control of 7,000 robot vacuums

Sammy Azdoufal just wanted to steer his DJI Romo with a gaming controller.

Popular Science

DREAME Matrix10 Ultra Review: A High-End Robot Vacuum Built for Smarter, Deeper Home Cleaning

#OwnPetz #Dreame #Matrix10Ultra #TechReview #RobotVaccum

https://ownpetz.com/blog/article/dreame-matrix10-ultra-review-b5256

DREAME Matrix10 Ultra Review: Powerful Smart Cleaning

DREAME Matrix10 Ultra Review: a powerful robot vacuum with 30,000Pa suction, multi-mop switching, and top-tier automation for a deeper home clean.

#AI #AITraining #Surveillance #Privacy #DataProtection #Ecovacs #Robots #RobotVaccum: "Ecovacs's privacy policy – available elsewhere in the app – allows for blanket collection of user data for research purposes, including:

- The 2D or 3D map of the user's house generated by the device
- Voice recordings from the device's microphone
- Photos or videos recorded by the device's camera

It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs.

An Ecovacs spokesperson confirmed the company uses the data collected as part of its product improvement program to train its AI models.

Critical cybersecurity flaws – allowing some Ecovacs models to be hacked from afar – have cast doubt on the company's ability to protect this sensitive information.

Cybersecurity researcher Dennis Giese reported the problems to the company last year after he found a series of basic errors putting Ecovacs customers' privacy at risk.

"If their robots are broken like that," he asked, "how does their back-end [server] look?

"Even if the company's not malicious, they might be the victim themselves of corporate espionage or nation state actors."

Ecovacs — which is valued at $4.6 billion — said it is "proactively exploring more comprehensive testing methods" and committed to fixing the security issues in its flagship robot vacuum in November."

https://www.abc.net.au/news/2024-10-05/robot-vacuum-deebot-ecovacs-photos-ai/104416632?utm_campaign=abc_news_web&utm_content=twitter&utm_medium=content_shared&utm_source=abc_news_web

Insecure Deebot robot vacuums collect photos and audio to train AI

The ABC has found critical cybersecurity vulnerabilities in Ecovacs devices.

ABC News