Dji Will Pay $30k To The Man Who Accidentally Hacked 7,000 Romo Robovacs

On Valentine’s Day, I brought you a communicative that’s since made headlines each astir nan world: How 1 man, conscionable trying to steer his DJI robot vacuum pinch a PlayStation gamepad, discovered an full web of 7,000 remote-control DJI robots fresh to fto him peek into different people’s homes.

To beryllium clear, DJI had already begun addressing immoderate of nan related vulnerabilities earlier nan man, Sammy Azdoufal, showed The Verge conscionable really overmuch he could access. But it wasn’t clear whether DJI would salary him for his discovery, peculiarly aft how it treated information interrogator Kevin Finisterre backmost successful 2017 — aliases really soon DJI mightiness afloat spot nan further vulnerabilities that Azdoufal discovered.

Today, we person immoderate of nan answers.

DJI will salary Azdoufal $30,000 for 1 azygous discovery, according to an email he shared pinch The Verge, without specifying which find it’s paying him for. Though DJI is not naming Azdoufal, it confirms to The Verge it has “rewarded” an unnamed information interrogator for their work.

DJI would besides not show america which find it’s paying him for, but says it has already addressed nan other vulnerability Azdoufal recovered wherever personification tin position a DJI Romo video watercourse without needing a information pin. “We tin corroborate that nan PIN codification information study was addressed by precocious February,” sounds a connection provided by DJI spokesperson Daisy Kong.

You mightiness beryllium wondering: What astir nan vulnerability that seemed truthful bad we refused to picture it successful our original story? DJI tells maine it’s moving connected that 1 too: “We person besides started upgrading nan full system. This includes a bid of updates, which we expect will beryllium afloat implemented wrong 1 month.”

DJI has besides published a nationalist blog station today astir strengthening nan DJI Romo’s security, 1 wherever it continues to declare that it discovered nan original rumor itself, while besides crediting “two independent information researchers” for uncovering nan aforesaid problem.

There, DJI seems to beryllium suggesting that everything’s already resolved pinch nan Romo: “Updates person been deployed to afloat resoluteness nan issue.” But again, location wasn’t conscionable 1 vulnerability, and DJI told The Verge that it could return arsenic agelong arsenic different month.

In nan blog post, DJI besides says that nan Romo already has ETSI, EU, and UL certifications for information — which whitethorn raise questions astir really useful those certifications really are if 1 feline pinch Claude Code could entree an full web afloat of robovacs! — and that it will proceed to test, patch, and taxable nan Romo and its app to independent third-party information audits.

DJI writes that it is “committed to deepening our engagement pinch nan information investigation community, and we will soon present caller ways for researchers to partner and collaborate pinch us.”