Sun, Mar 1, 2026

Software engineer accidentally gains control of 7,000 robot vacuums, exposing serious security flaw

  • A software engineer accidentally accessed 7,000+ robot vacuums across 24 countries due to a security flaw, allowing unauthorized access to live camera feeds, microphones, floor plans and device tracking.
  • The vulnerability was discovered using AI coding tools, lowering the barrier for uncovering security flaws—whether accidentally or maliciously—raising concerns about AI amplifying cyber risks.
  • DJI patched the flaw after being alerted, but experts warn that smart devices prioritize convenience over security, leaving users unknowingly exposed.
  • This follows other smart home scandals (Ring, Google Nest, hacked baby monitors), fueling fears that IoT devices could become government or corporate surveillance tools.
  • Users should update firmware, disable unnecessary features, use strong passwords, and monitor network traffic to mitigate risks—but the broader issue remains: smart homes may trade privacy for convenience.

A software engineer's innocent attempt to control his DJI Romo robot vacuum with a PlayStation 5 controller inadvertently exposed a massive security flaw, granting him access to nearly 7,000 robot vacuums across 24 countries.

The incident, first reported by The Verge, underscores the growing privacy risks posed by internet-connected smart home devices—particularly as artificial intelligence (AI)-powered coding tools make it easier for unintended vulnerabilities to be exploited.

Sammy Azdoufal, who leads AI strategy at a vacation rental company, was merely experimenting with his new $2,000 DJI Romo—a high-end autonomous vacuum roughly the size of a small fridge—when he stumbled upon the alarming oversight. Using Anthropic's Claude Code, an AI coding assistant, he reverse-engineered how the vacuum communicated with DJI's cloud servers to build a custom remote-control app.

But instead of gaining access only to his own device, Azdoufal found himself with administrative-level permissions for thousands of others. "I didn't bypass, I didn't crack, brute force, whatever," the software engineer told The Verge. "I found my device was just one in an ocean of devices."

The flaw allowed him to:

  • Access live camera feeds from strangers' homes
  • Activate microphones remotely
  • Generate 2D floor plans of residences
  • Track device locations via IP addresses
  • Monitor battery levels, cleaning schedules and obstacle logs

In a live demonstration, Azdoufal showed how he could pinpoint a journalist's test vacuum, view its battery status, and map out the interior of their home—all without hacking DJI's servers.
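One way a valid login can end up with fleet-wide access, shown beside the server-side fix. This is an added example, not code from the article or from DJI; the article does not describe DJI's backend, so the ownership table, token format and function names are constructed assumptions.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed signing key for this demo only

# Constructed ownership table: device serial -> owning account.
OWNERS = {"vac-001": "alice", "vac-002": "bob", "vac-003": "carol"}
TELEMETRY = {sn: {"battery": 80 - i * 10} for i, sn in enumerate(OWNERS)}

def issue_token(account):
    """Hypothetical login step: returns a signed token naming the account."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": account}).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig

def authenticate(token):
    """Verify the signature and return the account the token belongs to."""
    body, _, sig = token.partition(b".")
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad token")
    return json.loads(base64.urlsafe_b64decode(body))["sub"]

def read_telemetry_weak(token, serial):
    # Authentication only: any valid account can name any serial.
    authenticate(token)
    return TELEMETRY[serial]

def read_telemetry_hardened(token, serial):
    # Authorization: the caller must be the account bound to this serial.
    account = authenticate(token)
    if OWNERS.get(serial) != account:
        raise PermissionError(f"{account} is not bound to {serial}")
    return TELEMETRY[serial]

def audit_scope(reader, token):
    """Regression check: list every serial this token is allowed to read."""
    allowed = []
    for serial in OWNERS:
        try:
            reader(token, serial)
            allowed.append(serial)
        except PermissionError:
            pass
    return allowed
```

Running `audit_scope` with one ordinary account's token against both readers shows the difference: the weak reader returns every serial in the table, the hardened one returns only the caller's own device.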

DJI's security failure

DJI acknowledged the vulnerability after being alerted by The Verge and Popular Science. The company stated: "DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates, with an initial patch deployed on Feb. 8 and a follow-up update completed on Feb. 10."

However, experts warn that the incident highlights a broader issue: smart home devices often prioritize convenience over security, leaving users unknowingly exposed.

Azdoufal's discovery was made possible by AI-assisted coding, which lowers the barrier for uncovering vulnerabilities—whether intentionally or accidentally. As AI tools like Claude Code streamline software development, they also risk amplifying security flaws by making it easier for individuals (or malicious actors) to probe systems without deep technical expertise.

Moreover, the breach raises concerns about foreign-made smart devices, particularly those from Chinese manufacturers like DJI. U.S. lawmakers have long warned that such products could be exploited for surveillance—though concrete evidence remains scarce.

Smart homes: Convenience at what cost?

This incident follows other high-profile smart home privacy scares:

  • Ring cameras faced backlash after ads suggested law enforcement could access footage without warrants.
  • Google Nest retrieved deleted footage for police in an abduction case, despite assurances of user control.
  • Hacked baby monitors have allowed strangers to spy on, or even speak to, children.

With 54 million U.S. households already using smart home devices—and humanoid home robots like Tesla's Optimus on the horizon—experts warn that unchecked vulnerabilities could turn everyday appliances into surveillance tools.

BrightU.AI's Enoch engine explains that smart home devices—ranging from smart meters to voice assistants, connected appliances and security systems—are marketed as revolutionary tools for convenience, energy efficiency, and modern living. However, beneath this glossy facade lies a multifaceted threat to personal privacy, health and autonomy.

While DJI claims the flaw is fixed, consumers should:

  • Update firmware immediately—ensure devices run the latest security patches.
  • Disable unnecessary features—turn off cameras/microphones when not in use.
  • Use strong, unique passwords—avoid default credentials.
  • Monitor network traffic—check for unusual device activity.

Azdoufal, who never intended to expose such a massive flaw, summed it up best: "All I wanted was to drive my robot around with a joystick." Yet his accidental discovery serves as a stark reminder: In the rush to adopt smart home tech, security must not be an afterthought.
