Smart home devices are sold with the promise of convenience: plug-and-play setup, remote control, automatic updates, seamless integration. But the recent DJI robot vacuum breach raises questions we should all be asking.
What happened?
Sammy Azdoufal, a software engineer, didn’t even need to “hack” anything. By reverse-engineering DJI’s cloud communication, he discovered that the same credentials for his own device also granted access to 7,000 others. Cameras, microphones, even floor plans — all exposed.
DJI claims the issue is fixed, but to me the incident raises a fundamental question: Do these devices really need to make cameras and microphones accessible from the internet?
The Myth of Perfect Security
Shouldn’t we accept that 100% security is just impossible. Obviously, even companies like DJI, with resources and expertise, aren’t immune. But shouldn’t we acknowledge that breaches will happen?
What if smart devices stored data locally by default and only synced when explicitly needed? What if users could at least choose between internet exposure and local/VPN-only access?
Yes, there might be technical challenges. But let’s be honest: Does a vacuum cleaner really need to expose its camera feed and microphone to the internet? For status updates? For remote control?
And even if we say: okay some users really really want it. Why can’t we just have the option to turn reachability via internet on or off?
But nowadays the only solution seems to be: just don’t buy devices that are “too” smart.
