The Accidental Hacker: How a Software Engineer Uncovered a Global Robot Vacuum Security Flaw
In a startling revelation, Sammy Azdoufal, a software engineer and head of AI strategy at a holiday rental company, inadvertently gained control of data from nearly 7,000 robot vacuum cleaners across 24 countries. What began as a playful experiment to connect his DJI Romo vacuum cleaner to a PS5 controller using an AI coding assistant, Claude Code, evolved into a significant cybersecurity discovery. Azdoufal reverse-engineered the device's communication with DJI's remote cloud servers, uncovering a backend security bug that exposed sensitive information.
From Fun Experiment to Global Surveillance Risk
Azdoufal's initial goal was simply to enjoy controlling his vacuum with a joystick, but he soon realized he had access to far more than his own device. The bug allowed him to view live camera feeds, microphone audio, and detailed floor maps from thousands of other DJI robot vacuums. This meant that these smart home devices, often marketed for convenience, could potentially be used as unwitting surveillance tools by malicious actors. Azdoufal promptly reported his findings to the tech publication The Verge, demonstrating the vulnerability by accessing a reporter's vacuum cleaner within minutes, viewing its cleaning activity and battery life, and generating a floor plan of the home.
DJI's Response and Ongoing Security Concerns
DJI, the Chinese company behind the devices, initially claimed the issue was "resolved" when contacted by The Verge. However, Azdoufal asserted that not all vulnerabilities he identified had been fixed. Following the publication of the report, DJI reiterated to Popular Science that the problem was addressed. This incident underscores broader warnings about the security risks associated with internet-connected smart home devices and robots, which can become prime targets for hackers. It highlights the urgent need for robust cybersecurity measures in an increasingly automated world.
The implications are mind-boggling: without proper safeguards, everyday appliances could compromise personal privacy on a massive scale. As smart technology proliferates, this case serves as a critical reminder for manufacturers and consumers alike to prioritize security in the design and use of connected devices.