DJI Romo robot vacuum vulnerability: Difference between revisions
rewrote the whole thing, corrected 2025 date to 2026, fixed mqtt broker technical details, mapped claims to exact sources |
No edit summary |
| Line 11: | Line 11: | ||
}} | }} | ||
A critical cloud infrastructure flaw exposed the live camera feeds, microphone audio, and 2D floor plans of consumers to unauthorized remote access. DJI's backend servers inadvertently granted wildcard access<ref name="Medium">{{Cite web |author=Medium |date=February 17, 2026 |title=DJI Romo Security Breach: Researcher Remotely Accessed 7,000 Home Cameras, and One Hole Remains |url=https://medium.com/@hayekesteloo/dji-romo-security-breach-researcher-remotely-accessed-7-000-home-cameras-and-one-hole-remains-f6e0114f11cf |work=Medium}}</ref> to over 10,000 total devices, which included approximately 6,700 DJI Romo robot vacuums and DJI Power portable battery stations.<ref name="Overspill">{{Cite web |author=The Overspill |date=February 25, 2026 |title=Robot vacuum world control China start-up |url=https://theoverspill.blog/2026/02/25/robot-vacuum-world-control-china-start-up-2617/ |work=The Overspill}}</ref> The vulnerability was discovered in late January and patched in February 2026.<ref name="RedState">{{Cite web |last=Smith |first=Ben |date=February 24, 2026 |title=Chinese Tech Flaw Exposed Live Feeds From Thousands of American Homes |url=https://redstate.com/ben-smith/2026/02/24/chinese-tech-flaw-exposed-live-feeds-from-thousands-of-american-homes-n2199504 |work=RedState}}</ref> | |||
== Background == | == Background == | ||
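Review bot: The device counts in the added lead paragraph are ambiguous. "over 10,000 total devices, which included approximately 6,700 DJI Romo robot vacuums and DJI Power portable battery stations" can be read as 6,700 vacuums plus an unstated number of power stations, or as 6,700 for both product lines combined. State each figure separately and put the citation next to the number it supports, since the title of the Medium reference says 7,000 home cameras while the sentence says approximately 6,700. In the same reference, author=Medium repeats the platform name already given in work=Medium; the author field should name the writer of the post. The edit summary also mentions fixing MQTT broker details, but this paragraph only says "wildcard access" without saying what the wildcard applied to, so a short clause naming it would make the lead match the summary.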