The current hazard may be resolved, yet this brings up significant concerns.


Sammy Azdoufal asserts that his intention wasn’t to hack every robot vacuum globally. He merely wished to control his newly acquired DJI Romo vacuum via a PS5 gamepad, as he stated to The Verge, because he perceived it as enjoyable.
However, when his self-developed remote control application started connecting with DJI’s servers, it wasn’t just one vacuum that responded. Approximately 7,000 of them from around the globe commenced recognizing Azdoufal as their master.
He was able to control them remotely and observe and listen through their live camera outputs, he mentioned, explaining he experimented with that alongside a friend. He could observe them charting each area of a household, generating a complete 2D layout. He could leverage any robot’s IP address to ascertain its approximate position.
“I discovered that my device was just one among a sea of devices,” he states.
On Tuesday, when he demonstrated his level of access in a live session, I was astonished. Tens, hundreds, thousands of robots reporting their status, each sending home MQTT data packets every three seconds to report: their unique identification number, which rooms they were cleaning, what they noticed, how far they moved, when they returned to their charging station, and the hurdles they encountered along the way.
I observed each of these robots gradually appearing on a world map. Nine minutes after we commenced, Azdoufal’s laptop had already cataloged 6,700 DJI devices across 24 different nations and amassed over 100,000 of their data reports. By including the company’s DJI Power portable charging stations, which also connect to these same servers, Azdoufal accessed over 10,000 devices.
Initially, when I claimed I couldn’t believe my eyes, I meant that genuinely. Azdoufal heads AI strategy at a vacation rental home firm; when he informed me that he reverse-engineered DJI’s protocols utilizing Claude Code, I questioned whether AI was hallucinating these robots. So, I requested my colleague Thomas Ricker, who had recently finished reviewing the DJI Romo, to provide its serial number.
With nothing more than that 14-digit number, Azdoufal could not only locate our robot, he could accurately see that it was cleaning the living room and had 80 percent battery left. Within moments, I witnessed the robot create and send an accurate layout of my colleague’s house, complete with the correct shape and dimensions of each room, merely by entering a few digits into a laptop situated in another country.
In another instance, Azdoufal accessed his own DJI Romo’s live video feed, entirely circumventing its security PIN, and then stepped into his living room and waved at the camera while I observed. He also stated that he shared a limited read-only variant of his application with Gonzague Dambricourt, CTO at an IT consulting firm in France; Dambricourt mentioned that the application allowed him to remotely watch his own DJI Romo’s camera feed even before he synchronized it.
Azdoufal managed to enable all of this without breaching DJI’s servers, he asserts. “I didn’t break any laws, I didn’t subvert, I didn’t hack, brute force, whatever.” He claims he merely retrieved his own DJI Romo’s private token — the key that indicates to DJI’s servers that you are entitled to access your own data — and those servers provided him with the information of a multitude of other users as well. He illustrated that he could connect to DJI’s pre-production server, and also the live servers for the US, China, and the EU.
The positive news? On Tuesday, Azdoufal could not commandeer our DJI Romo through my colleague’s house, view through its camera, or listen via its microphone. DJI had already curtailed that type of access after both Azdoufal and I informed the company about the vulnerabilities.
And by Wednesday morning, Azdoufal’s scanner had completely lost access to all robots, including his own. It seems that DJI has effectively addressed the glaring gap.
Yet, this occurrence poses serious inquiries about DJI’s security and data handling practices. It will certainly be leveraged to retroactively validate fears that have caused the Chinese drone manufacturer to face significant challenges in the US market.
If Azdoufal could identify these robots without actively searching for them, will they be safe from individuals with malicious intentions? If Claude Code can produce an app that allows you to look into someone’s home, what prevents a DJI employee from doing the same? And should a robotic vacuum possess a microphone? “It feels bizarre to have a microphone on a vacuum cleaner,” remarks Azdoufal.
It doesn’t help that when Azdoufal and The Verge reached out to DJI regarding the matter, the company asserted it had resolved the vulnerability when it was actually only partially addressed.
“DJI can confirm that the issue was rectified last week, and remediation was already in progress before it was disclosed publicly,” reads part of the initial statement given by DJI spokesperson Daisy Kong. We received that statement on Tuesday morning at 12:28 PM ET — about half an hour prior to Azdoufal demonstrating thousands of robots, including our review unit, reporting in.
To clarify, it’s not unexpected that a robot vacuum equipped with a smartphone application would connect to the cloud. For better or for worse, users now anticipate these applications to function outside their own residences. Unless you’ve engineered a tunnel into your local network, that implies sending the data through cloud servers first.
However, individuals who install a camera in their home expect that data to be safeguarded, both during transmission and once it arrives at the server. Security experts should recognize that — but as soon as Azdoufal connected to DJI’s MQTT servers, everything was exposed in cleartext. If DJI has merely shut off one specific access point to those servers, that may not be sufficient to protect them if hackers discover an alternative route.
Regrettably, DJI is far from the only smart home entity that has disappointed users regarding security. Hackers commandeered Ecovacs robot vacuums to harass pets and shout racist slurs in 2024. In 2025, South Korean governmental entities reported that Dreame’s X50 Ultra had a vulnerability that could allow hackers to observe its camera feed in real time, and that other Ecovacs and Narwal robovacs could allow hackers to view and extract images from the devices. (Vacuums from the Korean brands Samsung and LG received high marks, and a Roborock performed well.)
It’s not solely vacuums, obviously. I still won’t invest in a Wyze camera, despite its new security measures, because that company attempted to conceal a remote access loophole instead of alerting its users. Trusting Anker’s Eufy is challenging after it misled us about its security as well. Nevertheless, Anker has come clean, and transparency is an effective disinfectant.
DJI is not being particularly open about the occurrences here, but it did address almost all our inquiries. In a recent statement to The Verge via spokesperson Daisy Kong, the company acknowledges “a backend permission validation issue” that could have hypothetically allowed hackers to view live video from its vacuums, and it admits that it didn’t fully resolve that issue until after we verified that the problems were still present.
Here’s the entirety of that statement:
DJI identified a vulnerability impacting DJI Home through internal assessment in late January and began remediation immediately. The issue was addressed via two updates, with an initial patch released on February 8 and a subsequent update completed on February 10. The fix was automatically deployed, and no user intervention is necessary.
The vulnerability involved a backend permission validation issue affecting MQTT-based communication between the device and the server. While this issue created a theoretical opportunity for unauthorized access to live video of ROMO devices, our investigation confirms that actual incidents were exceedingly rare. Nearly all recognized activity was linked to independent security researchers testing their own devices for documentation purposes, with only a few potential exceptions.
The first patch addressed this vulnerability but had not been universally applied across all service nodes. The second patch re-enabled and restarted the remaining service nodes. This has now been fully rectified, and no evidence suggests a broader impact. This was not a transmission encryption issue. Communication from ROMO devices to servers was not transmitted in cleartext and has always been protected using TLS. Data associated with ROMO devices, such as those in Europe, is stored on U.S.-based AWS cloud infrastructure.
DJI adheres to strong standards for data privacy and security and has established procedures for identifying and addressing possible vulnerabilities. The company has invested in industry-standard encryption and operates a long-standing bug bounty program. We have examined the findings and suggestions provided by the independent security researchers who reached out to us through that program as part of our standard post-remediation review. DJI will continue to implement extra security improvements as part of its ongoing initiatives.
Azdoufal argues that even now, DJI hasn’t rectified all the vulnerabilities he has discovered. One of these is the capacity to view your own DJI Romo video stream without requiring its security PIN. Another is severe enough that I will refrain from describing it until DJI has had further time to address it. DJI did not immediately assure us that it would do so.
Both Azdoufal and security expert Kevin Finisterre inform me that it’s insufficient for the Romo to transmit encrypted data to a US server, if anyone within that server can easily read it afterward. “A server being based in the US in no way, shape, or form prevents .cn DJI employees from access,” Finisterre informs me. This seems clear, as Azdoufal resides in Barcelona and could see devices in completely different areas.
“Once you’re an authenticated client on the MQTT broker, if there are no proper topic-level access controls (ACLs), you can subscribe to wildcard topics (e.g., #) and see all messages from all devices in plaintext at the application layer,” states Azdoufal. “TLS does nothing to prevent this — it only protects the pipe, not what’s inside the pipe from other authorized participants.”
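The distinction Azdoufal draws above, and the cleartext-at-the-application-layer point made earlier, come down to one broker-side decision: whether an authenticated client’s subscription is checked against the topics it is actually entitled to. The following is an added illustration written for this piece, not code from Azdoufal’s tool or from DJI. It models a toy MQTT broker in Python with constructed device names and a constructed topic layout (`devices/<serial>/status`, an assumption, not DJI’s real scheme), and contrasts a broker that accepts any filter from any authenticated client with one that enforces per-device topic ACLs.

```python
"""Toy model of MQTT topic-level authorization (added example, not DJI's code).

MQTT filters use two wildcards: '+' matches exactly one topic level and
'#' matches every remaining level. TLS protects the connection itself;
whether one client can read another client's messages is decided by the
broker's subscribe-time ACL check modelled here.
"""

# Constructed ACL: authenticated client id -> the only topic prefix it may read.
# In a real deployment this would be derived from the device token presented
# at connect time, not from a static dictionary.
ACL = {
    "client-A": "devices/SN-A/",
    "client-B": "devices/SN-B/",
}

# Constructed status reports from three devices (not real DJI data).
SAMPLE_MESSAGES = [
    ("devices/SN-A/status", {"serial": "SN-A", "room": "kitchen", "battery": 72}),
    ("devices/SN-B/status", {"serial": "SN-B", "room": "living room", "battery": 80}),
    ("devices/SN-C/status", {"serial": "SN-C", "room": "hallway", "battery": 15}),
]


def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT 3.1.1 filter matching: '+' = one level, '#' = zero or more trailing levels."""
    f_levels = filter_.split("/")
    t_levels = topic.split("/")
    for i, part in enumerate(f_levels):
        if part == "#":
            return True  # '#' is only valid as the final level and swallows the rest
        if i >= len(t_levels):
            return False  # filter is longer than the topic
        if part != "+" and part != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def filter_within_scope(filter_: str, scope_prefix: str) -> bool:
    """True iff every topic the filter could ever match lies under scope_prefix.

    The scope's levels must appear literally in the filter; a '+' or '#' in
    those positions would let the filter escape into other devices' topics.
    """
    scope_levels = scope_prefix.rstrip("/").split("/")
    f_levels = filter_.split("/")
    if len(f_levels) < len(scope_levels):
        return False
    return all(f == s for s, f in zip(scope_levels, f_levels))


def authorize_subscribe(client_id: str, filter_: str) -> bool:
    """Broker-side check performed on SUBSCRIBE, before any message is delivered."""
    scope = ACL.get(client_id)
    if scope is None:
        return False  # authenticated, but no topics provisioned for this identity
    return filter_within_scope(filter_, scope)


def visible_serials(client_id: str, filter_: str, enforce_acl: bool) -> list:
    """Serials of the devices whose reports the client would receive.

    enforce_acl=False models a broker with TLS but no topic ACLs: any
    authenticated client may subscribe to anything, including '#'.
    enforce_acl=True refuses out-of-scope filters (MQTT 3.1.1 SUBACK code 0x80).
    """
    if enforce_acl and not authorize_subscribe(client_id, filter_):
        return []
    return [msg["serial"] for topic, msg in SAMPLE_MESSAGES if topic_matches(filter_, topic)]


if __name__ == "__main__":
    for enforce in (False, True):
        label = "ACL enforced" if enforce else "no topic ACL"
        print(f"[{label}] client-A subscribes to '#':",
              visible_serials("client-A", "#", enforce))
        print(f"[{label}] client-A subscribes to 'devices/SN-A/#':",
              visible_serials("client-A", "devices/SN-A/#", enforce))
```

The check runs at subscribe time rather than per message, which is how production brokers such as Mosquitto or EMQX apply their ACLs; the point for a reviewer is that the scope test rejects wildcards in the device-identifying position, so a filter such as `devices/+/status` is refused just as `#` is.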
When I mention to Azdoufal that some may criticize him for not granting DJI much time to resolve the issues before making them public, he observes that he didn’t hack anything, didn’t disclose sensitive information, and isn’t a security expert. He explains that he was merely livetweeting everything that transpired while attempting to control his robot with a PS5 game controller.
“Yes, I don’t adhere to the rules, but individuals participate in the bug bounty program for financial gain. I sincerely don’t mind; I just want this resolved,” he asserts. “Abiding by the rules all the way could have allowed this breach to persist for a significantly longer period, I think.”
He doesn’t believe that DJI genuinely discovered these issues by itself back in January, and he’s frustrated that the company only ever responded to him mechanically in DMs on X, instead of addressing his emails.
However, he is pleased about one thing: he can, indeed, control his Romo using a PlayStation or Xbox game controller.