Sammy Azdoufal says he wasn’t trying to hack every robot vacuum on the planet. He just wanted to remotely control his brand-new DJI Romo vacuum with a PS5 gamepad, he tells The Verge, because it sounded fun.
But when his homegrown remote control app started talking to DJI’s servers, it wasn’t just one vacuum cleaner that replied. Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss.
He could remotely control them, and look and listen through their live camera feeds, he tells me, saying he tested that out with a friend. He could watch them map out every room of a house, producing a complete 2D floor plan. He could use any robot’s IP address to find its rough location.
“I found my device was just one in an ocean of devices,” he says.
On Tuesday, when he showed me his level of access in a live demo, I couldn’t believe my eyes. Tens, hundreds, thousands of robots reporting for duty, each phoning home MQTT data packets every three seconds to say: their serial number, which rooms they’re cleaning, what they’ve seen, how far they’ve traveled, when they’re returning to the charger, and the obstacles they encountered along the way.
I watched each of these robots slowly pop into existence on a map of the world. Nine minutes after we began, Azdoufal’s laptop had already cataloged 6,700 DJI devices across 24 different countries and picked up over 100,000 of their messages. If you add the company’s DJI Power portable power stations, which also phone home to these same servers, Azdoufal had access to over 10,000 devices.
When I say I couldn’t believe my eyes at first, I mean that literally. Azdoufal leads AI strategy at a vacation rental home company; when he told me he reverse engineered DJI’s protocols using Claude Code, I had to wonder if AI was hallucinating these robots. So I asked my colleague Thomas Ricker, who just finished reviewing the DJI Romo, to pass us its serial number.
With nothing more than that 14-digit number, Azdoufal could not only pull up our robot, he could correctly see it was cleaning the living room and had 80 percent battery life remaining. Within minutes, I watched the robot generate and transmit an accurate floor plan of my colleague’s house, with the correct shape and size of every room, just by typing some digits into a laptop located in a different country.
Separately, Azdoufal pulled up his own DJI Romo’s live video feed, completely bypassing its security PIN, then walked into his living room and waved to the camera while I watched. He also says he shared a limited read-only version of his app with Gonzague Dambricourt, CTO at an IT consulting firm in France; Dambricourt tells me the app let him remotely watch his own DJI Romo’s camera feed before he even paired it.
Azdoufal was able to do all of this without hacking into DJI’s servers, he claims. “I didn’t infringe any rules, I didn’t bypass, I didn’t crack, brute force, whatever.” He says he simply extracted his own DJI Romo’s private token — the key that tells DJI’s servers that you should have access to your own data — and those servers gave him the data of thousands of other people as well. He shows me that he can access DJI’s pre-production server, as well as the live servers for the US, China, and the EU.
Here’s the good news: On Tuesday, Azdoufal was not able to take our DJI Romo on a joyride through my colleague’s house, see through its camera, or listen through its microphone. DJI had already restricted that kind of access after both Azdoufal and I told the company about the vulnerabilities.
And by Wednesday morning, Azdoufal’s scanner no longer had access to any robots, not even his own. It appears that DJI has plugged the gaping hole.
But this incident raises serious questions about DJI’s security and data practices. It will no doubt be used to help retroactively justify the fears that led to the Chinese dronemaker getting largely forced out of the US. If Azdoufal could find these robots without even looking for them, will DJI protect them against people with intent to do harm? If Claude Code can spit out an app that lets you see into someone’s house, what keeps a DJI employee from doing so? And should a robot vacuum cleaner have a microphone? “It’s so weird to have a microphone on a freaking vacuum,” says Azdoufal.
It doesn’t help that when Azdoufal and The Verge contacted DJI about the issue, the company claimed it had fixed the vulnerability when it was actually only partially resolved.
“DJI can confirm the issue was resolved last week and remediation was already underway prior to public disclosure,” reads part of the original statement provided by DJI spokesperson Daisy Kong. We received that statement on Tuesday morning at 12:28PM ET — about half an hour before Azdoufal showed me thousands of robots, including our review unit, reporting for duty.
To be clear, it’s not surprising that a robot vacuum cleaner with a smartphone app would phone home to the cloud. For better or for worse, consumers currently expect these apps to work outside of their own homes. Unless you’ve built a tunnel into your own home network, that means relaying the data through cloud servers first.
But people who put a camera into their home expect that data to be protected, both in transit and once it reaches the server. Security professionals should know that — but as soon as Azdoufal connected to DJI’s MQTT servers, everything was visible in cleartext. If DJI has merely cut off one particular way into these servers, that may not be enough to protect them if hackers find another way in.
Unfortunately, DJI is far from the only smart home company that’s let people down on security. Hackers took over Ecovacs robot vacuums to chase pets and yell racist slurs in 2024. In 2025, South Korean government agencies reported that Dreame’s X50 Ultra had a flaw that could let hackers view its camera feed in real time, and that another Ecovacs and a Narwal robovac could let hackers view and steal photos from the devices. (Korea’s own Samsung and LG vacuums received high marks, and a Roborock did fine.)
It’s not just vacuums, of course. I still won’t buy a Wyze camera, despite its new security ideas, because that company tried to sweep a remote access vulnerability under the rug instead of warning its customers. I’d find it hard to trust Anker’s Eufy after it lied to us about its security, too. But Anker came clean, and sunlight is a good disinfectant.
DJI is not being exceptionally transparent about what happened here, but it did answer almost all of our questions. In a new statement to The Verge via spokesperson Daisy Kong, the company now admits to “a backend permission validation issue” that could theoretically have let hackers see live video from its vacuums, and it admits that it didn’t fully patch that issue until after we confirmed that problems were still present.
Here’s that whole statement:
DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates, with an initial patch deployed on February 8 and a follow-up update completed on February 10. The fix was deployed automatically, and no user action is required.
The vulnerability involved a backend permission validation issue affecting MQTT-based communication between the device and the server. While this issue created a theoretical potential for unauthorized access to live video of ROMO devices, our investigation confirms that actual occurrences were extremely rare. Nearly all identified activity was linked to independent security researchers testing their own devices for reporting purposes, with only a handful of potential exceptions.
The first patch addressed this vulnerability but had not been applied universally across all service nodes. The second patch re-enabled and restarted the remaining service nodes. This has now been fully resolved, and there is no evidence of broader impact. This was not a transmission encryption issue. ROMO device-to-server communication was not transmitted in cleartext and has always been encrypted using TLS. Data associated with ROMO devices, such as those in Europe, is stored on U.S.-based AWS cloud infrastructure.
DJI maintains robust standards for data privacy and security and has established processes for identifying and addressing potential vulnerabilities. The company has invested in industry-standard encryption and operates a longstanding bug bounty program. We have reviewed the findings and suggestions shared by the independent security researchers who contacted us through that program as part of our standard post-remediation process. DJI will continue to implement additional security enhancements as part of its ongoing efforts.
Azdoufal says that even now, DJI hasn’t fixed all of the vulnerabilities he’s found. One of them is the ability to view your own DJI Romo video stream without needing its security PIN. Another one is so bad I won’t describe it until DJI has had more time to fix it. DJI didn’t immediately promise to do so.
And both Azdoufal and security researcher Kevin Finisterre tell me it’s not enough for the Romo to send encrypted data to a US server if anyone inside that server can simply read it afterward. “A server being based in the US in no way, shape, or form prevents .cn DJI employees from access,” Finisterre tells me. That seems evident, as Azdoufal lives in Barcelona and was able to see devices in totally different regions.
“If you’re an authenticated client on the MQTT broker, if there are no proper topic-level access controls (ACLs), you can subscribe to wildcard topics (e.g., #) and see all messages from all devices in plaintext on the application layer,” says Azdoufal. “TLS does nothing to prevent this — it only protects the pipe, not what’s inside the pipe from other authorized participants.”
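Azdoufal’s point is the one a broker operator has to check at subscribe time: TLS authenticates and encrypts the connection, but only a topic-level ACL decides which topics an authenticated client may read. The following is an added example written for this page; it is not DJI’s code or the researcher’s app, and the topic layout `devices/<client-id>/…`, the client id `romo-0001` and the `%c` placeholder (borrowed from the convention of Mosquitto’s `pattern` ACL lines) are assumptions. It models a broker with no topic ACL beside one that binds each device to its own prefix, and shows the same `#` subscription being accepted by the first and refused by the second.

```python
"""Topic-level MQTT authorization: a broker without ACLs beside a corrected one.

Constructed example. The topic layout devices/<client-id>/..., the client ids
and the '%c' substitution are assumptions, not DJI's real topic scheme.
"""
from dataclasses import dataclass, field
from typing import Optional


def topic_matches(topic_filter: str, topic: str) -> bool:
    """Return True if a published topic matches a subscription filter.

    MQTT wildcard rules: '+' matches exactly one level, '#' matches the
    remainder of the topic and may only appear as the last level.
    """
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return True
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def filter_within(permitted: str, requested: str) -> bool:
    """Return True if every topic `requested` could match is also matched by `permitted`.

    A broker must do this at SUBSCRIBE time: '#' or 'devices/+/status' asks
    for more than 'devices/romo-0001/#' grants, so the request is refused.
    """
    p = permitted.split("/")
    r = requested.split("/")
    i = 0
    while True:
        if i == len(p):
            return i == len(r)  # both exhausted: requested is fully covered
        if p[i] == "#":
            return True  # permitted covers everything from here down
        if i == len(r) or r[i] == "#":
            return False  # requested reaches beyond what permitted allows
        if p[i] != "+" and p[i] != r[i]:
            return False  # literal mismatch, or requested '+' against a literal
        i += 1


@dataclass
class Broker:
    """Minimal broker model. `acl_patterns` lists filters a client may subscribe
    to, with '%c' replaced by its client id. None models the weak setup in which
    any authenticated client may subscribe to anything."""
    acl_patterns: Optional[list[str]]
    subscriptions: dict[str, list[str]] = field(default_factory=dict)

    def subscribe(self, client_id: str, requested: str) -> bool:
        if self.acl_patterns is None:
            allowed = True  # weak: authentication alone grants every topic
        else:
            allowed = any(
                filter_within(pattern.replace("%c", client_id), requested)
                for pattern in self.acl_patterns
            )
        if allowed:
            self.subscriptions.setdefault(client_id, []).append(requested)
        return allowed

    def publish(self, topic: str, payload: str) -> dict[str, str]:
        """Deliver to every client holding a matching filter; return who received it."""
        return {
            client: payload
            for client, filters in self.subscriptions.items()
            if any(topic_matches(f, topic) for f in filters)
        }


def run_scenario(acl_patterns: Optional[list[str]]) -> dict[str, bool]:
    """Device romo-0001 attempts three subscriptions; then romo-0002 reports its status."""
    broker = Broker(acl_patterns)
    results = {
        "wildcard_subscribe": broker.subscribe("romo-0001", "#"),
        "cross_device_subscribe": broker.subscribe("romo-0001", "devices/+/status"),
        "own_subscribe": broker.subscribe("romo-0001", "devices/romo-0001/status"),
    }
    leaked = broker.publish("devices/romo-0002/status", "constructed status report")
    results["sees_other_device"] = "romo-0001" in leaked
    own = broker.publish("devices/romo-0001/status", "constructed status report")
    results["sees_own_device"] = "romo-0001" in own
    return results


WEAK_ACL = None                  # no topic-level ACL at all
HARDENED_ACL = ["devices/%c/#"]  # each device confined to its own prefix

if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(name, run_scenario(acl))
```

Note that the hardened broker refuses the over-broad subscription outright instead of silently narrowing it; a client that asks for `#` and is told no is a signal worth logging, since a legitimate device has no reason to subscribe outside its own prefix.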
When I tell Azdoufal that some may judge him for not giving DJI much time to resolve the issues before going public, he notes that he didn’t hack anything, didn’t expose sensitive data, and isn’t a security professional. He says he was simply livetweeting everything that happened while trying to control his robot with a PS5 gamepad.
“Yes, I don’t follow the rules, but people stick with the bug bounty program for money. I fucking don’t care, I just want this fixed,” he says. “Following the rules to the end would probably make this breach happen for a way longer time, I think.”
He doesn’t believe that DJI actually discovered these issues on its own back in January, and he’s annoyed the company only ever responded to him automatically in DMs on X, instead of answering his emails.
But he’s happy about one thing: He can indeed control his Romo with a PlayStation or Xbox gamepad.