
On Valentine’s Day, I brought you a story that has since made headlines around the world: how a man who was just trying to steer his DJI robot vacuum with a PlayStation gamepad discovered an entire network of 7,000 remotely controllable DJI robots ready to let him peek into other people’s homes.
To be clear, DJI had already begun to address some of the related vulnerabilities before the man, Sami Azdoufal, came along and showed Edge just how far he could reach. But it wasn’t clear whether DJI would pay him for his discovery, especially after how it approached security researcher Kevin Finisterre in 2017 – or when DJI might be able to fully patch the additional vulnerabilities Azdoufal discovered.
Today, we have some answers.
DJI will pay Azdoufal $30,000 for one discovery, according to an email he shared with Edge, without specifying which discovery he is being paid for. Although DJI did not mention Azdoufal’s name, it confirms to Edge that it “rewarded” an unnamed security researcher for his work.
DJI also won’t tell us which discovery it’s paying him for, but it says it has already addressed the additional vulnerability Azdoufal found, which let anyone watch a DJI Romo’s video stream without needing a security PIN. “We can confirm that the PIN security observation was processed by late February,” said a statement provided by DJI spokesperson Daisy Kong.
You may be wondering: What about the vulnerability that looked so bad that we refused to describe it in our original story? DJI told me it’s working on that as well: “We’ve also started upgrading the entire system. This includes a series of updates, which we expect to be fully implemented within one month.”
DJI also published a public blog post today about enhancing DJI Romo’s security, in which it continues to claim that it discovered the original issue itself, while also crediting “two independent security researchers” for finding the same issue.
There, DJI seems to suggest that everything is actually resolved with Romo: “Updates have been deployed to fully resolve the issue.” But again, there wasn’t just one vulnerability, and DJI told Edge that it may take up to another month.
In the blog post, DJI also says that Romo already has ETSI, EU, and UL certifications for security – which might raise questions about how useful these certifications really are if one person with Claude Code could access an entire network full of robovacs! – and that it will continue to test, debug and submit Romo and its application to independent third-party security audits.
DJI wrote that it is “committed to deepening our engagement with the security research community, and we will soon offer new ways for researchers to engage and collaborate with us.”