Someone Remotely Accessed the Cameras in 7,000 DJI Robot Vacuums
A man trying to control his DJI Romo vacuum with a PlayStation 5 controller inadvertently gained remote access to about 7,000 Romo vacuums worldwide, enabling him to see inside people’s homes over the internet.
As The Verge reported earlier this month, Sammy Azdoufal built a remote control app to use his PS5 controller to control the DJI Romo. DJI released the Romo last year, leveraging its expansive drone technology, including obstacle-detection imaging and binocular fisheye vision sensor. Azdoufal’s app connected to DJI’s global servers, granting him an incredible level of access.
Azdoufal told The Verge that he could remotely view and listen in on Romo vacuum camera systems worldwide, and even use an individual robot’s IP address to track down its approximate location. Azdoufal even showed The Verge a live demo of his app in action, which could also connect to DJI Power portable battery stations.
The Verge even tested it in real time, having Azdoufal try to find a unit that Thomas Ricker of The Verge recently reviewed. Sure enough, Azdoufal pulled up the robot using its serial number, obtained an accurate floor plan of Ricker’s apartment, and accessed a live video feed.
Although this all sounds very nefarious, Azdoufal claims he achieved this remarkable level of access without ever breaking any rules, bypassing security, or hacking anything. He took a private token from his own Romo, and, for whatever reason, DJI’s servers granted him access to everything, including pre-production DJI servers.
Oupss https://t.co/lqUswFk8CU pic.twitter.com/jjgoIk86Lm
— Sam (@n0tsa) February 6, 2026
It is crazy.
Even before The Verge saw Azdoufal’s app in action, it told DJI about it, and the company said it had already fixed the security vulnerabilities. However, as evidenced by the live demo Azdoufal provided The Verge, that was not the case. Security vulnerabilities can be complicated and challenging to fix, of course, but it’s concerning that something like this was even possible in the first place.
This is far from the first time a piece of home tech has had security vulnerabilities, and unfortunately, it is unlikely to be the last.
However, The Verge puts it very well: “… people who put a camera into their home expect that data to be protected, both in transit and once it reaches the server.”
As of now, there are still vulnerabilities with the DJI Romo, which DJI tells The Verge it will resolve in “weeks.” The publication and Azdoufal are fortunately keeping some of them under wraps until they are completely fixed.
Image credits: DJI