DJI is paying security researcher Sammy Azdoufal $30,000 after he accidentally uncovered a massive security vulnerability while trying to control his robot vacuum with a PlayStation controller. The flaw exposed a network of 7,000 DJI Romo robot vacuums, potentially allowing remote access to cameras in users' homes. The bounty payment marks a significant shift for DJI, which faced criticism for its handling of security researchers in the past, and brings closure to a Valentine's Day discovery that made global headlines.
DJI just made good on a promise the security research community wasn't sure it would keep. The drone and robotics giant is paying Sammy Azdoufal $30,000 for accidentally discovering a network security flaw that exposed thousands of robot vacuums to potential hijacking.
Azdoufal wasn't hunting for bugs when he made the discovery. He was simply trying to steer his DJI Romo robot vacuum with a PlayStation gamepad, tinkering with the device like any curious tech enthusiast might. What he found instead was an unsecured network of roughly 7,000 remote-control DJI robots, all potentially accessible to anyone who knew where to look. The robots' cameras could theoretically be accessed, creating a significant privacy risk for thousands of households.
The story broke on Valentine's Day when The Verge published Azdoufal's findings, and it quickly made headlines worldwide. But the initial report left two critical questions unanswered: Would DJI pay Azdoufal for his discovery? And how quickly would the company patch the vulnerabilities?
The $30,000 payment addresses the first concern. For DJI, it's more than just compensation - it's a statement. The company has a complicated history with security researchers, particularly after its treatment of Kevin Finisterre in 2017. Finisterre discovered vulnerabilities in DJI's systems and attempted to work with the company through its bug bounty program, but the relationship soured amid disputes over disclosure. The incident left a stain on DJI's reputation in the security community.
