IoT Security Risks: What a Robot Vacuum, a Fleet of Buses, and a Capital City Have in Common

Alex Wells-Linden Cyber Security Analyst at Synextra

IoT security risks are no longer a niche concern for network engineers. They are a board-level issue, a geopolitical weapon, and, as six recent stories show, an alarmingly consistent consequence of an industry that has prioritised convenience over security at almost every turn. From a hobbyist accidentally unlocking 7,000 robot vacuums, to a nation-state using shop CCTV to track and eliminate a country’s military leadership, the smart device vulnerabilities that manufacturers have been slow to address are now being exploited at a scale that affects everyone.

The Romo master key

A developer wanted to control his DJI robot vacuum with a PlayStation 5 controller. To do that, he needed to understand how the device authenticated with DJI’s cloud platform. Using Claude Code to assist with the reverse engineering, he extracted the access key from his own device — and discovered it was effectively a master key for the entire platform.

With a single credential, he had access to the camera feeds, audio, and home floor plans of approximately 7,000 DJI vacuum customers. The floor plan detail is worth pausing on: robot vacuums map your home so they can clean it efficiently. That data doesn’t stay on the device. It sits on the manufacturer’s servers — in this case, with no segregation and no meaningful access controls between accounts.

He disclosed everything responsibly through DJI’s security channel. DJI fixed the issue entirely server-side — no client updates were required, which confirms the failure was architectural rather than device-level. He reportedly received a US$30,000 bug bounty.

Two things stand out. First, the researcher wasn’t a skilled hacker — AI-assisted development tools have significantly lowered the barrier to this kind of security research. Second, the root cause wasn’t a subtle vulnerability. It was a fundamental design failure: one credential, no account isolation, all data accessible. This is what ‘ship fast’ culture looks like when it meets connected device security — and it is one of the most common IoT security risks organisations and consumers face today.
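To make the design failure concrete, here is an added illustration (not DJI’s code, and not the researcher’s): a toy cloud API in which every unit ships with the same platform key, beside the same API with per-account sessions and an ownership check on each request. The device ids, account names and stored data are constructed sample values.

```python
"""Shared platform key versus per-account tokens with ownership checks.

Added illustration, not DJI's code. Device ids, account names and the
stored data are constructed sample values.
"""
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample data: which account owns which device, and the data
# each device has uploaded (a floor plan, in the real case).
DEVICE_OWNER = {"vac-0001": "alice", "vac-0002": "bob"}
DEVICE_DATA = {
    "vac-0001": "floor plan: alice's flat",
    "vac-0002": "floor plan: bob's house",
}

# --- Vulnerable design: one credential baked into every unit ---------------
PLATFORM_KEY = "shared-key-baked-into-every-unit"  # constructed placeholder


def get_floor_plan_vulnerable(presented_key: str, device_id: str) -> Optional[str]:
    """Anyone holding the shared key can read ANY device's data.

    Extracting the key from a single unit therefore exposes the whole fleet:
    there is no notion of which account the caller belongs to."""
    if not hmac.compare_digest(presented_key, PLATFORM_KEY):
        return None
    return DEVICE_DATA.get(device_id)


# --- Hardened design: session bound to an account, ownership enforced ------
SESSIONS: Dict[str, str] = {}  # session token -> account name


def issue_token(account: str) -> str:
    """Server issues an unguessable token tied to exactly one account."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def get_floor_plan_hardened(token: str, device_id: str) -> Optional[str]:
    """Object-level authorisation: a valid session is not enough, the
    calling account must also own the device it is asking about."""
    account = SESSIONS.get(token)
    if account is None:
        return None  # unknown or expired session
    if DEVICE_OWNER.get(device_id) != account:
        return None  # valid session, but not this account's device
    return DEVICE_DATA.get(device_id)


if __name__ == "__main__":
    # The shared key reads another customer's data; the session token does not.
    print(get_floor_plan_vulnerable(PLATFORM_KEY, "vac-0002"))
    tok = issue_token("alice")
    print(get_floor_plan_hardened(tok, "vac-0001"), get_floor_plan_hardened(tok, "vac-0002"))
```

The ownership check lives entirely on the server, which is the point of the story: once the platform knows which account a request belongs to, the data can be segregated without touching the firmware on any vacuum.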

DJI is a major, well-resourced brand. The same IoT security risks apply with even more force to the cheaper end of the market — the unbranded smart plugs, light switches, and cameras that ship in volume from manufacturers who have never had a security audit and never will.

Connected cars and the attack surface you drive around in

Pwn2Own Automotive is a security research competition where teams attempt to find and exploit zero-day vulnerabilities in connected vehicles. At a recent event, researchers identified 37 zero-day vulnerabilities in a single Tesla Model 3 in a single day — a stark illustration of the IoT security risks embedded in modern transport.

One of the more significant findings involved the IMSI (International Mobile Subscriber Identity) registration exchange — the mechanism a vehicle’s cellular modem uses to identify itself to, and register with, a mobile network. By standing up a fake cell tower, researchers were able to intercept vehicle telemetry and disrupt communications. Once inside at that layer, the attack surface extends further: injecting alerts into the car’s notification system, interfering with navigation, and potentially influencing driver behaviour through social engineering delivered directly to the dashboard.

The strategic implications scale quickly. A connected vehicle fleet that can be remotely disabled represents a significant lever in a conflict scenario — not by causing accidents, but by simply preventing vehicles from restarting. Streets blocked, supply chains disrupted, populations unable to get to work. It is a capability that would have been science fiction a decade ago.

The IoT supply chain risk dimension is already playing out in the real world. Norway purchased a fleet of smart buses from a Chinese manufacturer. A researcher found hidden wireless receivers in the vehicles — components that appeared on no blueprint or specification. The buses have since been taken to shielded facilities and stripped. Similar undisclosed wireless transmitters have been found in Chinese-manufactured solar inverters and smart grid components deployed across Western infrastructure.

The challenge isn’t always manufacturer intent. Vehicle manufacturers source components from hundreds of suppliers. A wireless chip that sat in a warehouse for two years before installation may be running firmware with known vulnerabilities that nobody updated. The IoT security risks introduced by third-party components are just as real as those in the manufacturer’s own code — and considerably harder to track.
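The two supply-chain failure modes described above, an undeclared component that appears on no blueprint and a declared component running stale or known-vulnerable firmware, are both catchable by the same reconciliation step. The following is an added example, not code from any vehicle manufacturer or from the Norwegian investigation: it compares a declared bill of materials against what an inspection actually found, and checks firmware versions against an advisory list. Every part name, version, date and advisory id is a constructed placeholder.

```python
"""Reconcile a declared bill of materials against observed components and
flag undeclared parts, version drift, known-vulnerable and stale firmware.

Added illustration. All part names, versions, dates and advisory ids are
constructed placeholders, not real identifiers.
"""
from datetime import date
from typing import Dict, List, Tuple

# Declared BOM from the supplier: part -> firmware version it should run.
DECLARED_BOM = {
    "telematics-modem": "2.4.1",
    "cabin-wifi-ap": "1.9.0",
}

# What a physical inspection found (constructed). 'built' is the component's
# manufacture date; a long gap before installation is exactly the
# "sat in a warehouse for two years" case.
OBSERVED = [
    {"part": "telematics-modem", "firmware": "2.4.1", "built": date(2024, 3, 1)},
    {"part": "cabin-wifi-ap", "firmware": "1.7.2", "built": date(2022, 1, 15)},
    {"part": "undocumented-radio", "firmware": "?", "built": None},
]

# Constructed advisories: (part, highest affected version) -> placeholder id.
ADVISORIES = {
    ("cabin-wifi-ap", "1.8.0"): "ADVISORY-PLACEHOLDER-1",
}

MAX_FIRMWARE_AGE_DAYS = 365  # policy threshold, an assumption for this example


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.7.2' -> (1, 7, 2) so versions compare numerically, not as strings
    ('1.10.0' must sort above '1.9.0'). Unparseable versions sort lowest so
    they can never be mistaken for 'too new to be affected'."""
    try:
        return tuple(int(x) for x in v.split("."))
    except ValueError:
        return (-1,)


def reconcile(declared: Dict[str, str], observed: List[dict],
              advisories: Dict[Tuple[str, str], str], today: date) -> Dict[str, List[str]]:
    """Return findings grouped by category; each entry names the part."""
    findings: Dict[str, List[str]] = {
        "undeclared": [], "version_drift": [], "vulnerable": [], "stale": []}
    for comp in observed:
        part = comp["part"]
        if part not in declared:
            # Present on the vehicle, absent from every document: the
            # highest-priority finding, regardless of what it runs.
            findings["undeclared"].append(part)
            continue
        if comp["firmware"] != declared[part]:
            findings["version_drift"].append(
                f"{part}: observed {comp['firmware']}, declared {declared[part]}")
        for (adv_part, max_affected), adv_id in advisories.items():
            if adv_part == part and parse_version(comp["firmware"]) <= parse_version(max_affected):
                findings["vulnerable"].append(f"{part}: {adv_id}")
        built = comp["built"]
        if built is not None and (today - built).days > MAX_FIRMWARE_AGE_DAYS:
            findings["stale"].append(part)
    return findings


if __name__ == "__main__":
    for category, items in reconcile(DECLARED_BOM, OBSERVED, ADVISORIES, date(2025, 1, 1)).items():
        print(f"{category}: {items}")
```

In practice the declared side would come from a supplier’s SBOM export and the observed side from a physical teardown or an RF survey; the point is that neither list is trustworthy on its own, and the discrepancies are the finding.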

How Israel mapped Tehran using shop CCTV and smart doorbells

Israel spent years systematically compromising street-facing cameras across Tehran — road cameras, retail CCTV, residential smart doorbells, private security systems. Essentially any connected device with a lens pointed at a public street.

Combined with signals intelligence, intercepted communications, and satellite imagery, this camera network fed an AI-powered targeting system capable of building what analysts described as ‘patterns of life’ data across the entire city. The system could reportedly return GPS coordinates accurate to four decimal places for a given target, in real time.

One notable element of the intelligence tradecraft: rather than attempting to track senior figures directly — who would have their own security protocols — analysts focused on bodyguards. Lower personal security, more predictable movements, and their patterns reliably indicated where their principals would be.

The result, when the operation was executed, was the reported elimination of virtually the entire senior Iranian military leadership, including expected succession figures.

The connection back to IoT security risks is direct. The vulnerabilities exploited were not in hardened government systems. They were in the same category of poorly secured commercial devices discussed above — the kind any household or small business might install without a second thought. The smart device vulnerabilities in your corner shop’s CCTV system are not just your corner shop’s problem.
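A camera that has been co-opted into someone else’s collection network has to send its footage somewhere, and that somewhere is rarely on the list of places a camera legitimately needs to reach. The following added example (not code from the page or from any vendor) runs a simple allow-list check over constructed firewall log lines from a segregated camera VLAN and reports every camera talking to an unexpected destination. The VLAN range, the allowed destinations and the log format are assumptions for the illustration.

```python
"""Flag cameras on a segregated VLAN whose traffic leaves the allow-list.

Added illustration. The log lines, VLAN range, addresses and allowed
destinations are constructed placeholders.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed firewall log lines in a syslog-like key=value form. Note that
# every line is action=allow: this check catches traffic a permissive policy
# let through, not traffic the firewall already blocked.
SAMPLE_LOG = """\
2025-01-01T08:00:01Z action=allow src=10.50.0.11 dst=10.50.0.2 dport=123 proto=udp
2025-01-01T08:00:05Z action=allow src=10.50.0.11 dst=10.50.0.2 dport=53 proto=udp
2025-01-01T08:01:10Z action=allow src=10.50.0.12 dst=10.50.0.2 dport=53 proto=udp
2025-01-01T08:01:12Z action=allow src=10.50.0.12 dst=203.0.113.77 dport=443 proto=tcp
2025-01-01T08:01:15Z action=allow src=10.50.0.12 dst=203.0.113.77 dport=443 proto=tcp
2025-01-01T08:02:00Z action=allow src=10.50.0.13 dst=198.51.100.9 dport=8080 proto=tcp
2025-01-01T08:02:30Z action=allow src=10.50.0.13 dst=10.50.0.2 dport=53 proto=udp
2025-01-01T08:03:00Z action=allow src=10.60.0.5 dst=198.51.100.9 dport=443 proto=tcp
"""

CAMERA_VLAN = ip_network("10.50.0.0/24")  # assumed camera segment

# Everything a camera legitimately needs: the local recorder/DNS/NTP host and
# the vendor's documented cloud range (both constructed placeholders).
ALLOWED_DESTS = [ip_network("10.50.0.2/32"), ip_network("203.0.113.0/24")]

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)")


def unexpected_egress(log_text: str) -> Dict[str, List[str]]:
    """Map each camera address to the 'dst:port/proto' flows outside the allow-list."""
    findings: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        src, dst, dport, proto = m.groups()
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if src_ip not in CAMERA_VLAN:
            continue  # not a camera; out of scope for this check
        if any(dst_ip in net for net in ALLOWED_DESTS):
            continue  # expected destination
        findings[src].append(f"{dst}:{dport}/{proto}")
    return dict(findings)


if __name__ == "__main__":
    for cam, flows in unexpected_egress(SAMPLE_LOG).items():
        print(f"{cam} -> {', '.join(flows)}")
```

The stronger control is to deny everything from the camera segment by default and allow only the recorder, name resolution, time and the vendor’s documented range; this check is the audit that tells you whether the policy you think you have is the one actually in force.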

Anthropic, the US military, and a First Amendment argument

Anthropic has operated as a US military contractor since 2024. During recent contract renegotiations, the Department of Defense sought unrestricted access to Claude across 22 areas, including mass surveillance capabilities and autonomous weapons control — specifically, AI-powered control of autonomous robotic systems.

Anthropic declined. The DoD’s response was to designate Anthropic a supply chain risk — a classification that would, in theory, require Claude to be removed from all federal and state government systems — and to terminate existing contracts that were still within their agreed terms.

Anthropic is now suing the US government. The legal argument centres on First Amendment protections: that a company’s right to free speech protects it from government retaliation for refusing to alter its product in ways it considers harmful. The case is currently at state level but is widely expected to reach the Supreme Court.

The supply chain risk designation has not, in practice, resulted in Claude being removed from government use. There is no ready replacement, and the agencies that depend on it are not in a position to switch overnight. The designation appears to function more as political pressure than genuine security policy.

The broader regulatory picture: the EU is developing AI governance frameworks. The US is moving in the opposite direction. China has no equivalent regulation. The tension is real — meaningful AI regulation slows development, and in a race-to-AGI environment, any country that slows down risks ceding ground to one that doesn’t.

AGI, quantum computing, and a helium bottleneck

The race to artificial general intelligence is real, but the compute constraints are also real. The major AI companies have bought up essentially all available GPU memory and pre-committed to the next two years of production capacity. The global semiconductor supply chain — TSMC, a small number of other fabs, and emerging Chinese manufacturing — is not keeping pace with demand. The physical infrastructure for AGI does not yet exist at the required scale.

Quantum computing is the architecture most likely to change this picture fundamentally. Unlike classical computing — which, from room-sized transistor machines to modern CPUs, has always been switches turning on and off — quantum computing operates on entirely different principles at the hardware level. The potential uplift in compute capability is significant.

Quantum systems require helium for cooling. A meaningful proportion of global helium supply passes through the Strait of Hormuz. Current tensions around the strait are therefore relevant not just to energy markets but to quantum computing timelines — and, less obviously, to conventional hard drive manufacturing, since modern high-capacity drives use helium to reduce friction on spinning platters. The supply chain dependencies for advanced computing run through some geopolitically unstable territory.

On the question of what AGI might look like when it arrives: two thought experiments are worth knowing. Roko’s Basilisk posits a future AI that retroactively punishes individuals who, upon learning of its existence, chose not to work toward bringing it about. Tom Scott’s Earworm video — made eight years ago — traces how a narrowly tasked agentic AI, given a single misconfigured objective, could follow its goal to increasingly extreme conclusions. It was speculative at the time. Agentic AI systems are now something organisations are actively building and deploying.

The end of online pseudonymity

A recent research paper demonstrated that maintaining separate online identities is becoming effectively impossible to sustain. Researchers built an agentic LLM system to match anonymous profiles to real identities using only behavioural patterns and extractable facts — no access to private data, no breaches, no hacking.

To validate without creating privacy issues, they used Hacker News users who had publicly linked their LinkedIn profiles, then removed those links and tasked the system with re-establishing the connections. On a curated dataset, it achieved an 85% match rate with 96% accuracy.

Writing style, expressed opinions, incidental facts mentioned in posts: all of it constitutes a fingerprint that is now machine-readable at scale. The implications extend beyond trolls and bad actors — whistleblowers, journalists’ sources, activists in restrictive environments, and anyone who has ever assumed that a username provides meaningful cover.
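The two figures quoted above measure different things: match rate is how often the system is confident enough to commit to a link, accuracy is how often a committed link is right, and a system can trade one for the other by moving its confidence threshold. The following added example (not the paper’s method, and far cruder than an LLM agent) uses only the "incidental facts" part of the fingerprint: each profile is reduced to a set of facts mentioned in its posts, candidates are scored by set overlap, and both metrics are computed against constructed ground truth. The profiles, facts and threshold are all constructed for the illustration.

```python
"""Match rate versus accuracy for a toy profile-linking system.

Added illustration, not the paper's method. Profiles, facts, ground truth
and the threshold are constructed for the example.
"""
from typing import Dict, Optional, Set, Tuple

# Constructed "known" profiles: facts a reader could extract from public posts.
KNOWN: Dict[str, Set[str]] = {
    "alice": {"rust", "leeds", "cycling", "espresso"},
    "bob": {"go", "manchester", "climbing", "espresso"},
    "carol": {"rust", "leeds", "cycling", "pottery"},
    "dan": {"python", "bristol", "sailing", "tea"},
}

# Constructed pseudonymous profiles and (for scoring only) who really wrote them.
ANON: Dict[str, Set[str]] = {
    "anon1": {"rust", "leeds", "espresso"},
    "anon2": {"go", "climbing", "tea"},
    "anon3": {"rust", "cycling", "pottery", "leeds"},
    "anon4": {"espresso", "leeds", "rust", "go"},
}
TRUTH = {"anon1": "alice", "anon2": "bob", "anon3": "carol", "anon4": "bob"}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Overlap of two fact sets, 0.0 (disjoint) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def link_profiles(anon: Dict[str, Set[str]], known: Dict[str, Set[str]],
                  threshold: float) -> Dict[str, Optional[str]]:
    """Pick the best-scoring known profile for each pseudonym, but only
    commit to it when the score clears `threshold`; otherwise abstain."""
    links: Dict[str, Optional[str]] = {}
    for a_name, a_facts in anon.items():
        best, best_score = None, 0.0
        for k_name, k_facts in known.items():
            score = jaccard(a_facts, k_facts)
            if score > best_score:
                best, best_score = k_name, score
        links[a_name] = best if best_score >= threshold else None
    return links


def match_rate_and_accuracy(links: Dict[str, Optional[str]],
                            truth: Dict[str, str]) -> Tuple[float, float]:
    """match rate = committed links / all profiles;
    accuracy   = correct links / committed links."""
    committed = {a: k for a, k in links.items() if k is not None}
    match_rate = len(committed) / len(links)
    correct = sum(1 for a, k in committed.items() if truth[a] == k)
    accuracy = correct / len(committed) if committed else 0.0
    return match_rate, accuracy


if __name__ == "__main__":
    for threshold in (0.5, 0.7):
        links = link_profiles(ANON, KNOWN, threshold)
        print(threshold, links, match_rate_and_accuracy(links, TRUTH))
```

With the constructed data and a threshold of 0.5, the toy commits to three of the four pseudonyms (a 75% match rate) and gets two of those three right (67% accuracy); anon4 is linked to the wrong person because shared facts are not unique facts. Raising the threshold abstains more often and so trades match rate for accuracy, which is the knob behind any pair of numbers like the 85% and 96% reported.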

The common thread

A robot vacuum, a fleet of Norwegian buses, a capital city’s surveillance infrastructure, and an AI company’s legal dispute with the Pentagon are all connected by the same dynamic: IoT security risks and the broader security consequences of connected technology are consistently being treated as secondary concerns — by manufacturers, by governments, and by the organisations deploying these systems.

The gap between what connected device security requires and what has actually been implemented is wide, well-documented, and being actively exploited. Closing it requires treating security as a first principle rather than a feature to be added later — at the device level, the architecture level, and the supply chain level.

Protecting your business from IoT security risks

The stories above aren’t edge cases. They’re what happens when connected devices are deployed without security built in — and the consequences range from embarrassing to catastrophic. The uncomfortable truth is that most organisations have IoT devices on their network that nobody has properly assessed, components in their supply chain that nobody has scrutinised, and a security posture that was designed for a world that no longer exists.

Don’t wait for your equivalent of the master key moment.

We help businesses across the UK understand their real-world exposure and build security strategies that hold up — from connected device audits to broader cyber resilience. Get in touch to find out how we can help.
