Man’s attempt to control robot vacuum accidentally hacks 7,000 devices
A recent engineering project to connect a DJI Romo robot to a gaming console unexpectedly revealed a security issue that could put many homes at risk.
Today’s homes are filled with smart devices that make our lives easier. From thermostats that learn when we’re home to refrigerators that keep track of our groceries, these gadgets are everywhere. However, along with their convenience comes a significant concern: our privacy. Many of these devices come with features like cameras and microphones, which can pose risks to our personal information. A recent security issue involving robot vacuums is proof of how easily consumer privacy is compromised through unintended technical exploits.
The robot at the center of the controversy is the DJI Romo, an autonomous home vacuum that first launched in China last year and is now being sold in other countries as well. Priced at around $1,899 currently in the USA, these vacuums have high-resolution cameras and sensors primarily for advanced navigation and obstacle avoidance. Additionally, the manufacturer markets these cameras as home security devices, allowing owners to remotely patrol a house and check on pets via live video feeds while away.
What happened
Sammy Azdoufal, a software engineer, attempted to customize a DJI Romo vacuum cleaner. Azdoufal wanted to connect the vacuum to a PlayStation 5 console to manually steer it with a game controller while viewing the camera feed on a television. To facilitate the coding process, he utilised an AI assistant to help reverse-engineer the communication protocols between the vacuum and the cloud servers.
Instead of establishing a private link to a single unit, the code granted Azdoufal access to the backend data of approximately 7,000 active devices across 24 countries. Through a gaming console, he was able to see live camera feeds from inside thousands of private residences. The vulnerability also exposed detailed floor plans of those homes and provided the approximate physical locations of the units based on IP addresses.
Azdoufal clarified that he never targeted the company’s central servers. He simply found information that was available because of poor backend authentication. The system used a logic where a valid token from one device allowed access to the entire fleet’s data stream. Alarmed by this ease of access, Azdoufal reached out to journalists and the company to report the problem. As a result, the company took action and released two important updates to fix the issue. An initial patch was deployed on February 8, 2026, followed by a final security update on February 10, 2026. These updates were automatically sent to all connected devices to ensure everyone’s safety.
This incident surprised many people, and a lot of them think the company should have been aware that something like this could occur. Others speculated that they must have known already but failed to inform the customers. One person wrote, “None of this should be a surprise. That’s why programmers who have worked on smart home tech don’t have it in their homes!”
As technology continues to advance rapidly, many people are losing their faith in these high-tech tools. One commenter, who works in the same field, mentioned, “As a person in the same field, the safest part of this whole technology is the smart bulbs/lights. Nothing else qualifies if you have to say ‘Hey’ to it.” Another person wrote, “You’re better off going back to a low-tech life without any kind of cameras or microphones in any of your tech. AI is gonna destroy what’s left of our freedoms.”
Why this matters
There is still a huge gap in how smart home technology is built. When a single engineer can stumble into the private lives of thousands of people using a PlayStation and basic code, it is obvious that security is often ignored in favor of getting products onto shelves.
The security issues are not just limited to robot vacuums. Many smart devices often lack the strength for heavy encryption. This makes them easy targets for anyone trying to break into a home network. Once a vacuum is compromised, it could access other devices connected to the same Wi-Fi, like laptops or security cameras, where sensitive information might be stored.
With advancements in technology, such as artificial intelligence, it has become easier for people to experiment with coding. This increases the chances of discovering hidden vulnerabilities in software. Companies can no longer assume that their software will go unexamined. This should be a wake-up call that the convenience of a smart home comes at a high price if manufacturers don’t take data protection seriously and if users rely too heavily on such tools without considering privacy breaches. A device that can map your home’s layout and record videos poses a serious risk if it isn’t properly secured.
It’s important for manufacturers to prioritize security right from the beginning, and for consumers to stay informed about potential risks. Security failures are not minor issues; they’re significant violations of privacy. Moving forward, the industry needs to adopt much stricter standards for data isolation, ensuring that one person’s experimental project doesn’t expose the lives of countless others.
