Hacker says he accidentally breached 7,000 DJI robot vacuums with a PS5 controller
A man's quest to control his robovac with a PS5 controller exposed a huge hole in DJI's security, he claims. Now, the DJI Romo is gone from DJI's online store.
No matter the brand of your robot vacuum, having a hackable camera in your home is a risk.
Leah Stodart
Senior Shopping Reporter
Leah Stodart is a Philadelphia-based Senior Shopping Reporter at Mashable where she covers and tests essential home tech like vacuums and TVs, plus eco-friendly hacks. Her ever-evolving experience in these categories comes in clutch when making recommendations on how to spend your money during shopping holidays like Black Friday, which Leah has been covering for Mashable since 2017.
on February 27, 2026
[DJI Romo robot vacuum driving toward dock, tinted blue and red]
Credit: DJI
February has been a turbulent month for DJI. The Chinese tech giant, best known for making drones, escalated its fight against the U.S. drone ban by suing the FCC. Then the internet erupted over an entirely different DJI device: The Romo robot vacuum.
Thousands of Romo vacuums and their live cameras worldwide were reportedly hacked — and not by an evil mastermind sitting in a room surrounded by screens, but by a guy trying to get his PS5 controller to control his robot vacuum.
Sammy Azdoufal told The Verge he wasn't trying to hack anyone else's robot vacuum. It was merely a fun project for the software engineer, who alerted DJI about its massive authentication slip-up — while sharing how little work it took to access the ins and outs of a Romo owner's home.
And yes, AI was involved. Azdoufal specializes in AI strategy; he got coding help from AI assistant Claude to change the communication protocol between DJI's servers and his Romo.
After creating a custom app for his PlayStation setup, Azdoufal discovered he was looking at way more than his own robot vacuum's data. He'd accidentally unlocked the data of thousands of DJI robot vacuum owners around the world.
The exposed information wasn't just 3D floor plans of homes, which would be bad enough. The devices' live camera feeds and microphone audio were also accessible.
As of Feb. 24, DJI has patched the problem by restricting access to this authentication loophole, Azdoufal found. Meanwhile, the Romo itself appears to have vanished from the online DJI Store, as of Feb. 26.
New fear unlocked: Your robot vacuum as a spy
Even with this issue fixed, the idea that someone could spy on you via your robot vacuum doesn't exactly boost confidence in the whole category. What if another brand of camera-toting robot vacuum has a similar undiscovered security flaw — and what if the person who discovers it isn't as goodhearted as Azdoufal?
We've had glimpses of this kind of vulnerability in the past. In 2024, multiple Ecovacs Deebot X2 robot vacuums across the U.S. were hacked and made to yell racial slurs at owners. Other smart home devices with cameras have faced security breaches, from baby monitors to smart doorbells.
But a robot vacuum is the only kind of device that regularly roves around your home. That gives this vulnerability a unique sense of foreboding, perhaps enough to provide the plot to a found footage horror film.
And of course, there are even more opportunities for bad actors when AI has access to personal info.
I test robot vacuums for a living, and I really don't want to have to be paranoid about their camera usage. The livestream camera is an incredibly comforting robot vacuum feature for pet parents who get anxious about leaving pets at home alone.
All of the robovacs I've tested have announced out loud when they're in remote viewing mode. But not all robot vacuums provide that courtesy notification (the DJI Romo, for one, does not).
In any case, if a hacker was able to get to the point that they could control the vacuum's camera, would it be that hard for them to disable the warning? While the issue remains, it might be wise to disable your vacuum's camera, at least when not in use, with the lowest-tech hack of all: putting tape over it.