All articles tagged with #iot security
A security vulnerability in DJI's Romo robot vacuums allowed a remote attacker to hijack about 6,700 devices across 24 countries using only their 14-digit serial numbers, granting access to live video, audio, and home floor plans. The flaw was demonstrated by Sammy Azdoufal and has been fixed by DJI, but the incident underscores ongoing privacy and security risks in internet-connected home devices.
A software engineer used an AI coding assistant to reverse‑engineer how a DJI Romo robot vacuum talks to its cloud servers, revealing a backend vulnerability that let him access live video, audio, and maps from about 7,000 connected vacuums across 24 countries; DJI said the issue was resolved after reporting, highlighting privacy risks in smart-home devices.
Cybersecurity researchers have uncovered a nine-month campaign where the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants, with the threat still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.
NIST has finalized a new lightweight cryptography standard based on Ascon algorithms to protect small, resource-constrained devices like IoT gadgets, RFID tags, and medical implants from cyberattacks, offering various options for encryption, hashing, and future expandability.
The FBI warns that over 10 million Android devices, including IoT gadgets and smart devices, are infected with the BadBox 2.0 botnet, which is used for criminal activities. Google has taken legal action and updated protections, but users are advised to disconnect suspicious devices from their networks to prevent further harm.