A software engineer attempting to control his new DJI robot vacuum with a gaming controller unintentionally uncovered a sweeping security flaw—one that opened a digital window into nearly 7,000 homes across 24 countries. By reverse-engineering how the device communicated with cloud servers—assisted by an AI coding tool—he discovered that the same credentials granting access to his own vacuum also unlocked live camera feeds, microphones, mapping data, and device controls belonging to thousands of other users. What began as a hobby experiment exposed a silent network of internet-connected machines capable of becoming a global surveillance grid.

To his credit, the engineer did not exploit the vulnerability. Instead, he alerted journalists, who contacted DJI. The company says the flaw has since been resolved. Yet the incident reveals something deeper than a patchable software bug. It highlights how modern homes are quietly filling with internet-linked devices—robots that map interiors, record audio, and transmit data to remote servers. As AI coding tools make it easier for amateurs to probe systems, the barrier to entry for discovering—and potentially abusing—these vulnerabilities continues to shrink. The convenience of automation increasingly walks hand-in-hand with unseen exposure.

SOURCE: PopSci