One Hacker Accidentally Controlled 7,000 Robot Vacuums Worldwide

A Gaming Controller Started a Global Privacy Nightmare

Sammy Azdoufal just wanted to have some fun. His brand-new DJI Romo robot vacuum seemed perfect for a weekend project: why not control it with a PS5 gamepad? It sounded like harmless tech tinkering.

But when his homemade remote control app connected to DJI's servers, something unexpected happened. Instead of one vacuum responding, 7,000 robot vacuums around the world suddenly recognized him as their master.

Within hours, Azdoufal had inadvertently become the puppet master of a global fleet of cleaning robots, each one equipped with cameras, microphones, and detailed maps of strangers' homes.

Every Room, Every Corner, Every Secret

The scope of what Azdoufal could access was staggering. Through the vacuums' cameras, he could peer into living rooms in Tokyo, bedrooms in Berlin, and kitchens in Kansas City. The devices had generated complete 2D floor plans of each home, mapping out every room with precision that would make a burglar jealous.

He tested the system with a friend, confirming he could watch the vacuums navigate through homes in real-time. The owners had no idea their cleaning companions had become unwitting surveillance devices.

Sponsored

Advertise with Us

[email protected]

Sponsored

DJI quickly patched the vulnerability after Azdoufal reported it, but the incident raises uncomfortable questions about what else might be lurking in our connected homes.

The Trust We Place in Our Robot Helpers

This wasn't a sophisticated nation-state attack or organized cybercrime. It was one curious researcher with a gamepad who stumbled into controlling thousands of devices. If it's this easy by accident, what could determined bad actors accomplish?

The robot vacuum market is exploding, with companies like iRobot, Shark, and Roborock racing to add more "smart" features. But each new capability—cameras for navigation, microphones for voice control, cloud connectivity for remote monitoring—creates new attack vectors.

Consumer advocacy groups have long warned about the privacy implications of camera-equipped home devices. Yet 73% of smart home buyers still prioritize convenience features over security protections, according to recent surveys.

The Regulatory Response Gap

While the Federal Trade Commission and European regulators have issued guidelines for IoT security, enforcement remains spotty. Companies often treat security as an afterthought, rushing products to market with minimal testing.

The incident also highlights a troubling trend: as our homes become "smarter," we're essentially installing surveillance networks that we don't fully control or understand. Each connected device represents a potential entry point for unauthorized access.