
A routine tech experiment took an unexpected turn when software engineer Sammy Azdoufal unintentionally exposed a significant security flaw affecting thousands of connected robot vacuum cleaners. What began as a playful project to control his own robot with a PS5 controller evolved into the discovery of a cloud vulnerability that allowed access to data from roughly 7,000 DJI robot vacuum cleaners worldwide.
Azdoufal, who works in AI strategy, hooked up his DJI Romo robot vacuum to a PlayStation 5 controller simply because it “sounded fun.” Using the AI coding assistant Claude Code, he reverse-engineered how the Romo communicated with DJI’s remote cloud servers. In the process, he built a custom app to control the robot. But that app didn’t just talk to his own device — it also received responses tied to other Romo units globally.
As Azdoufal explored further, he found that the same app credentials could pull in live camera feeds, microphone audio, battery status, and generated floor maps from thousands of other devices. These robots, designed for automated home cleaning and navigation, contain cameras and sensors that rely on cloud connectivity. Because the backend authentication was poorly secured, responses intended for one device were accessible to any client that could authenticate — which his experimental setup did.
To demonstrate the scope of the issue, a reporter from The Verge gave Azdoufal the serial number of a Romo unit they had been testing. Within minutes, Azdoufal could see that vacuum’s real-time location, floor layout, and status — despite having no direct access to that specific device. This showed how widespread the vulnerability could be.
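The gap described above, where any client that could authenticate received data for devices it did not own, comes down to a missing per-device authorization check. The following is an added illustration, not code from DJI or from Azdoufal's app; the tokens, serial numbers, data structures and function names are all hypothetical and constructed for the example.

```python
# Constructed sample data; every name here is hypothetical, not DJI's.
import hmac
from collections import defaultdict

TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}    # token -> account
BINDINGS = {"SN-0001": "alice", "SN-0002": "bob"}    # serial -> owning account
TELEMETRY = {"SN-0001": {"battery": 81}, "SN-0002": {"battery": 40}}
DENIED = defaultdict(set)                            # account -> serials refused


class Forbidden(Exception):
    pass


def authenticate(token):
    """Return the account for a valid token, else raise Forbidden."""
    for known, account in TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return account
    raise Forbidden("invalid token")


def telemetry_weak(token, serial):
    """Authentication only: any valid client can read any serial."""
    authenticate(token)
    return TELEMETRY[serial]


def telemetry_strict(token, serial):
    """Authentication plus a per-device ownership check."""
    account = authenticate(token)
    # Unknown and not-owned serials get the same answer, so the error
    # cannot be used to learn which serial numbers exist.
    if BINDINGS.get(serial) != account:
        DENIED[account].add(serial)   # kept for detection
        raise Forbidden("device not available")
    return TELEMETRY[serial]


def enumeration_suspects(threshold=3):
    """Accounts refused on at least `threshold` distinct serials."""
    return sorted(a for a, s in DENIED.items() if len(s) >= threshold)
```

The strict version also records refused serials per account, so repeated requests for devices an account does not own can be surfaced for review.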
Azdoufal took his findings to the tech publication rather than exploiting the data. DJI initially told The Verge the problem had been resolved, but later, after further reporting, including comments to Popular Science, maintained that the vulnerabilities were fixed. Neither statement included detailed technical disclosures of the fix.
The incident underscores growing concerns about the privacy and security of Internet-connected home devices. As smart appliances proliferate, poor backend protections can turn convenience into unintended surveillance. For consumers, this episode is a stark reminder that even seemingly harmless gadgets can expose sensitive information if cloud infrastructure isn’t built with strong security safeguards.