Engineer receives $30,000 for exposing a vulnerability affecting 7,000 robot vacuum cleaners — tinkerer just wanted to drive his robot vacuum with a PS5 controller
Source
Tom's Hardware
TL;DR
AI Generated
DJI has awarded a software engineer, Sammy Azdoufal, $30,000 for discovering a critical vulnerability in its cloud backend that exposed 7,000 robot vacuum cleaners to potential access. Azdoufal's initial goal was to control his DJI Romo vacuum with a PS5 controller. By reverse-engineering DJI's cloud servers, he unintentionally gained access to live camera feeds, audio, and IP addresses of homes using DJI Romos in 24 countries. DJI has since patched the vulnerability, but questions remain about the reward and the speed of patching.