{"id":117226,"date":"2026-02-19T07:34:07","date_gmt":"2026-02-19T07:34:07","guid":{"rendered":"https:\/\/www.europesays.com\/ro\/117226\/"},"modified":"2026-02-19T07:34:07","modified_gmt":"2026-02-19T07:34:07","slug":"mii-de-aspiratoare-de-la-dji-au-putut-fi-controlate-de-la-distanta-din-cauza-securitatii-precare","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ro\/117226\/","title":{"rendered":"Thousands of DJI vacuum cleaners could be controlled remotely because of poor security"},"content":{"rendered":"<p>While trying to control his own DJI Romo vacuum with a <a href=\"https:\/\/www.connect.ro\/2022\/01\/12\/sony-produce-ps4-lipsa-stocuri-ps5\/\" rel=\"nofollow noopener\" target=\"_blank\">PlayStation<\/a> 5 <a href=\"https:\/\/www.connect.ro\/2022\/06\/30\/review-razer-kishi-v2\/\" rel=\"nofollow noopener\" target=\"_blank\">controller<\/a>, Sammy Azdoufal, an artificial intelligence specialist, accidentally \u201cbroke\u201d the security of the manufacturer's <a href=\"https:\/\/www.connect.ro\/2022\/06\/30\/romania-inregistreaza-aproape-jumatate-din-vanzarile-online-din-europa-de-est%ef%bf%bc\/\" rel=\"nofollow noopener\" target=\"_blank\">online<\/a> systems. When his homemade app began communicating with the manufacturer's infrastructure, the system returned not only the data of his own device but also information from approximately 7,000 DJI Romo vacuums in 24 different countries.<\/p>\n<p>To accomplish this, he turned to the virtual assistant Claude Code to quickly reverse-engineer the communication protocols. The level of access obtained accidentally is worrying for the privacy of home users. 
Azdoufal found that he could remotely control the movements of other people's vacuums and take over the live feed from their built-in cameras and microphones without triggering any alerts. Moreover, the platform handed him the complete 2D maps of the homes the robots had mapped, along with the IP address that gave away each household's approximate location.<\/p>\n<p>The truly worrying part of this situation is that Azdoufal used no advanced hacking technique, brute-force attacks entirely excluded. He simply extracted the private token of his own vacuum in order to authenticate legitimately to the MQTT servers belonging to DJI. There he discovered a catastrophic lack of application-level access control filters (ACLs), with the server sending any connected user absolutely all of the data available in the regional network.<\/p>\n<p><a href=\"https:\/\/www.europesays.com\/ro\/wp-content\/uploads\/2026\/02\/dji-romo-api-communications-reve.jpg.webp.webp\"><img fetchpriority=\"high\" decoding=\"async\" width=\"2179\" height=\"1324\" src=\"https:\/\/www.europesays.com\/ro\/wp-content\/uploads\/2026\/02\/dji-romo-api-communications-reve.jpg.webp.webp\" alt=\"\" class=\"wp-image-447918\"  \/><\/a><\/p>\n<p>Although the tech giant defended itself by stating that it uses AWS cloud infrastructure in the United States and firmly encrypts transmissions with the TLS standard, the protection proved to be only a facade. TLS did secure the main data stream against external interception, but inside the MQTT network the information circulated completely unencrypted, in clear text. 
As a result, any client validated by the system could read the details of all other devices without any technical obstacle.<\/p>\n<p>Delayed patches and active vulnerabilities<\/p>\n<p>Confronted with the evidence, DJI reacted, temporarily cut off external access, and officially stated that it had identified the problem and deployed two security patches. The brand's representatives insisted that real-world exploitation of this flaw was extremely rare, limited largely to researchers carrying out cybersecurity tests. Nevertheless, the technical fix offered by the manufacturer appears to be only partial and rushed.<\/p>\n<p>According to <a href=\"https:\/\/www.theverge.com\/tech\/879088\/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">The Verge<\/a>, the specialist publicly demonstrated that certain vulnerabilities are still active in the Romo vacuums' system. For example, a user can view their own surveillance video stream without being asked to enter the security PIN, a serious flaw that the company has promised to fix only in the coming weeks. 
This incident only confirms a general trend in the smart home market, with top competing models from Ecovacs, Dreame or Narwal having recently faced equally invasive privacy breaches.<\/p>\n","protected":false},"excerpt":{"rendered":"While trying to control his own DJI Romo vacuum with a PlayStation 5 controller, Sammy Azdoufal, an&hellip;\n","protected":false},"author":2,"featured_media":117227,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[15682,36360,41,40,38,39,6134,5209,141,124,17529],"class_list":{"0":"post-117226","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tehnologie","8":"tag-aspirator-robot","9":"tag-dji-romo","10":"tag-ro","11":"tag-romana","12":"tag-romania","13":"tag-romanian","14":"tag-securitate-cibernetica","15":"tag-smart-home","16":"tag-technology","17":"tag-tehnologie","18":"tag-vulnerabilitate"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@ro\/116096143356191427","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/posts\/117226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/comments?post=117226"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/posts\/117226\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/media\/117227"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/me
dia?parent=117226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/categories?post=117226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ro\/wp-json\/wp\/v2\/tags?post=117226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}