One Man Accidentally Hacked 6,700 Robot Vacuums Worldwide
A Dutch developer trying to control his robot vacuum with a PS5 controller accidentally gained access to 6,700 devices across 24 countries, exposing a massive IoT security flaw.
When a Gaming Experiment Became a Global Security Breach
Sammy Azdoufal just wanted to control his robot vacuum with a PlayStation controller. What he discovered instead was a security nightmare that stretched across 24 countries and 6,700 households.
The Dutch developer was tinkering with his DJI Romo robot vacuum when he stumbled upon something extraordinary: using nothing more than a 14-digit serial number, he could access thousands of similar devices worldwide. Not just move them around—he could see their floor plans, live video feeds, and audio streams. When The Verge contacted him for verification, Azdoufal instantly accessed a staffer's vacuum cleaner to prove his point.
The Roving Surveillance State in Your Living Room
This isn't just about cleaning robots gone rogue. Modern robot vacuums are essentially mobile surveillance devices that happen to pick up dust. They map your home's layout in 3D, record video as they navigate, and capture audio from every room. They know when you're home, when you're away, and exactly how you live.
The security vulnerability was absurdly simple: any device's serial number—often visible on the product itself—granted complete access to its functions. No authentication, no verification, no barriers whatsoever. It's like leaving your house key under a doormat labeled with your address.
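The flaw described above, sketched as an added example that is not DJI's code or protocol: a lookup that treats a serial number as proof of ownership, next to one that requires an authenticated session bound to the device. All names, serials, the data layout and the revocation threshold are assumptions made for illustration.

```python
import secrets
from collections import Counter

# Constructed sample data: 14-digit serials and account names are invented.
DEVICE_OWNER = {"00000000000001": "alice", "00000000000002": "bob"}
SESSIONS = {}          # session token -> account name
DENIALS = Counter()    # account -> requests for devices it does not own
MAX_DENIALS = 3        # assumed threshold before a session is revoked


def login(account):
    """Stand-in for a real login flow: issues an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def get_feed_vulnerable(serial):
    """Flawed pattern: knowing a serial number is treated as proof of ownership."""
    return f"feed:{serial}" if serial in DEVICE_OWNER else None


def get_feed_hardened(serial, token):
    """The serial only selects a device; the authenticated session decides access."""
    account = SESSIONS.get(token)
    if account is None:
        raise PermissionError("not authenticated")
    # Unknown and foreign serials get the same error, so replies do not
    # confirm which serial numbers exist.
    if DEVICE_OWNER.get(serial) != account:
        DENIALS[account] += 1
        if DENIALS[account] >= MAX_DENIALS:
            SESSIONS.pop(token, None)  # cut off a session that keeps probing
        raise PermissionError("device not bound to this account")
    return f"feed:{serial}"
```

The denial counter doubles as a detection signal: an account that repeatedly requests devices it does not own is worth alerting on before the session is revoked.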
The Reactive Security Culture
DJI fixed the vulnerability only after Azdoufal live-tweeted his discovery, drawing public attention to the flaw. This "patch after exposure" approach has become the norm in IoT security, where companies prioritize speed-to-market over security-by-design.
The broader pattern is troubling. IoT manufacturers often treat security as an afterthought, focusing on features and price competition while leaving fundamental vulnerabilities unaddressed. This is particularly concerning with Chinese manufacturers, who dominate the global smart home market but often have opaque security practices.
Beyond Robot Vacuums: The Connected Home Dilemma
This incident raises uncomfortable questions about every smart device we invite into our homes. Amazon Alexa, Google Nest, Apple HomePod, security cameras, smart doorbells—each represents a potential entry point for unwanted surveillance.
The problem compounds with scale. As smart home adoption accelerates, a single vulnerability can expose millions of households simultaneously. The convenience of voice-controlled everything comes with the risk of everything-controlled-by-strangers.
The Regulatory Void
While the EU's Cyber Resilience Act promises stricter IoT security standards, implementation remains years away. In the US, IoT security regulation is fragmented across agencies, with no comprehensive framework for consumer protection.
Meanwhile, consumers are left to navigate this landscape with little guidance. How do you evaluate the security of a robot vacuum? Most people can't, and manufacturers know it.
This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.