‘Scale of exposure expands instantly’: Tech failure reveals interior details of thousands of homes
Another piece of Chinese technology has failed, and in doing so revealed online the interior details of thousands of private homes.
An analysis at RedState warned that the problem is bigger than just having the layout of your home’s interior available to strangers.
“There is no evidence of malicious exploitation in this instance. But the vulnerability illustrates how quickly visibility can scale when cloud permissions fail,” it said. “Interior mapping data is not just cleaning telemetry. It is a digital blueprint of private living spaces. When that blueprint is stored, validated, and routed through foreign-operated cloud infrastructure governed by a different legal system, the implications extend beyond consumer privacy and into questions of oversight, accountability, and national control.”
It added that 7,000 homes across two dozen countries were briefly held up by a flawed validation system.
“In an era of rising scrutiny over Chinese technology operating inside critical systems, this episode will not calm skeptics who worry about data concentration and foreign visibility. When the architecture of the modern American home runs through distant cloud servers controlled by companies already under national security review, privacy stops being a feature setting. It becomes a sovereignty question.”
The problem developed with the tech used by one of the companies that sells robo-vacuums to consumers.
Those machines are unleashed in a room, and use tech to run themselves and clean floor coverings.
The problem was caused by a “security vulnerability” linked to DJI’s $2,000 Romo robot vacuum.
And the result was that data from nearly 7,000 such machines, operating in dozens of countries, was accessed.
“These are not simple appliances. They are internet-connected sensors mapping bedrooms, kitchens, hallways, and living rooms in real time. Rather than just verifying a single token, the servers granted access for a small army of robots, essentially treating him as their respective owner. That slip-up meant Azdoufal could tap into their real-time camera feeds and activate their microphones. He also claims he could compile 2D floor plans of the homes the robots were operating in,” RedState said.
It happened during a live demonstration of the tech, the report said.
“Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss. He could remotely control them, and look and listen through their live camera feeds,” the report said.
DJI said it deployed patches to fix the problem, and that may have closed one open door, the article warned, but “It does not eliminate the architecture that made it possible.”
It said, “In plain terms, centralized cloud systems create centralized risk. Encryption in transit does not prevent overly broad permissions from exposing sensitive information once it is inside the system. If interior mapping data and live feeds are aggregated behind a single validation layer, the scale of exposure expands instantly when that layer fails.”