Sammy Azdoufal says he wasn’t trying to hack every robot vacuum in the world. He just wanted to remote control his brand-new DJI Romo vacuum with a PS5 gamepad, he tells The Verge, because it sounded fun.
But when his homegrown remote control app started talking to DJI’s servers, it wasn’t just one vacuum cleaner that replied. Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss.
He could remotely control them, and look and listen through their live camera feeds, he tells me, saying he tested that out with a friend. He could watch them map out every room of a house, generating a complete 2D floor plan. He could use any robot’s IP address to find its rough location.
“I found my device was just one in an ocean of devices,” he says.

On Tuesday, when he showed me his level of access in a live demo, I couldn’t believe my eyes. Tens, hundreds, thousands of robots reporting for duty, each phoning home MQTT data packets every 3 seconds to say: their serial number, which rooms they’re cleaning, what they’ve seen, how far they’ve traveled, when they’re returning to the charger, and the obstacles they encountered on the way.
I watched each of these robots slowly pop into existence on a map of the world. Nine minutes after we began, Azdoufal’s laptop had already cataloged 6,700 DJI devices across 24 different countries and collected over 100,000 of their messages. If you add the company’s DJI Power portable power stations, which also phone home to these same servers, Azdoufal had access to over 10,000 devices.

Azdoufal says he could remote-control robovacs and view live video over the internet.
When I say I couldn’t believe my eyes at first, I mean that literally. Azdoufal leads AI strategy at a vacation rental home company; when he told me he reverse engineered DJI’s protocols using Claude Code, I had to wonder whether AI was hallucinating these robots. So I asked my colleague Thomas Ricker, who just finished reviewing the DJI Romo, to pass us its serial number.
With nothing more than that 14-digit number, Azdoufal could not only pull up our robot, he could correctly see it was cleaning the living room and had 80 percent battery life remaining. Within minutes, I watched the robot generate and transmit an accurate floor plan of my colleague’s house, with the correct shape and size of each room, just by typing some digits into a laptop located in a different country.


Separately, Azdoufal pulled up his own DJI Romo’s live video feed, completely bypassing its security PIN, then walked into his living room and waved to the camera while I watched. He also says he shared a limited read-only version of his app with Gonzague Dambricourt, CTO at an IT consulting firm in France; Dambricourt tells me the app let him remotely watch his own DJI Romo’s camera feed before he had even paired it.
Azdoufal was able to do all of this without hacking into DJI’s servers, he claims. “I didn’t infringe any rules, I didn’t bypass, I didn’t crack, brute force, whatever.” He says he simply extracted his own DJI Romo’s private token — the key that tells DJI’s servers that you should have access to your own data — and those servers gave him the data of thousands of other people as well. He shows me that he can access DJI’s pre-production server, as well as the live servers for the US, China, and the EU.

Here’s the good news: On Tuesday, Azdoufal was not able to take our DJI Romo on a joyride through my colleague’s house, see through its camera, or listen through its microphone. DJI had already restricted that form of access after both Azdoufal and I told the company about the vulnerabilities.
And by Wednesday morning, Azdoufal’s scanner no longer had access to any robots, not even his own. It appears that DJI has plugged the gaping hole.
But this incident raises serious questions about DJI’s security and data practices. It will no doubt be used to help retroactively justify fears that led to the Chinese dronemaker getting mostly forced out of the US. If Azdoufal could find these robots without even looking for them, will it protect them against people with intent to do harm? If Claude Code can spit out an app that lets you see into someone’s house, what keeps a DJI employee from doing so? And should a robot vacuum cleaner have a microphone? “It’s so weird to have a microphone on a freaking vacuum,” says Azdoufal.
It doesn’t help that when Azdoufal and The Verge contacted DJI about the issue, the company claimed it had fixed the vulnerability when it was actually only partially resolved.
“DJI can confirm the issue was resolved last week and remediation was already underway prior to public disclosure,” reads part of the original statement provided by DJI spokesperson Daisy Kong. We received that statement on Tuesday morning at 12:28PM ET — about half an hour before Azdoufal showed me thousands of robots, including our review unit, reporting for duty.

To be clear, it’s not surprising that a robot vacuum cleaner with a smartphone app would phone home to the cloud. For better or for worse, users currently expect those apps to work outside of their own homes. Unless you’ve built a tunnel into your own home network, that means relaying the data through cloud servers first.
But people who put a camera into their home expect that data to be protected, both in transit and when it reaches the server. Security professionals should know that — but as soon as Azdoufal connected to DJI’s MQTT servers, everything was visible in cleartext. If DJI has simply cut off one particular way into those servers, that may not be enough to protect them if hackers find another way in.
Unfortunately, DJI is far from the only smart home company that’s let people down on security. Hackers took over Ecovacs robot vacuums to chase pets and shout racist slurs in 2024. In 2025, South Korean government agencies reported that Dreame’s X50 Ultra had a flaw that could let hackers view its camera feed in real time, and that another Ecovacs and a Narwal robovac could let hackers view and steal photos from the devices. (Korea’s own Samsung and LG vacuums received high marks, and a Roborock did fine.)
It’s not just vacuums, of course. I still won’t buy a Wyze camera, despite its new security ideas, because that company tried to sweep a remote access vulnerability under the rug instead of informing its customers. I would find it hard to trust Anker’s Eufy after it lied to us about its security, too. But Anker came clean, and sunlight is a good disinfectant.
DJI is not being exceptionally transparent about what happened here, but it did answer almost all our questions. In a new statement to The Verge via spokesperson Daisy Kong, the company now admits “a backend permission validation issue” that could have theoretically let hackers see live video from its vacuums, and it admits that it didn’t fully patch that issue until after we confirmed that issues were still present.
Here’s that full statement:
DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates, with an initial patch deployed on February 8 and a follow-up update completed on February 10. The fix was deployed automatically, and no user action is required.
The vulnerability involved a backend permission validation issue affecting MQTT-based communication between the device and the server. While this issue created a theoretical potential for unauthorized access to live video of ROMO device, our investigation confirms that actual occurrences were extremely rare. Nearly all identified activity was linked to independent security researchers testing their own devices for reporting purposes, with only a handful of potential exceptions.
The initial patch addressed this vulnerability but had not been applied universally across all service nodes. The second patch re-enabled and restarted the remaining service nodes. This has now been fully resolved, and there is no evidence of broader impact. This was not a transport encryption issue. ROMO device-to-server communication was not transmitted in cleartext and has always been encrypted using TLS. Data associated with ROMO devices, such as those in Europe, is stored on U.S.-based AWS cloud infrastructure.
DJI maintains strong standards for data privacy and security and has established processes for identifying and addressing potential vulnerabilities. The company has invested in industry-standard encryption and operates a longstanding bug bounty program. We have reviewed the findings and recommendations shared by the independent security researchers who contacted us through that program as part of our standard post-remediation process. DJI will continue to implement additional security enhancements as part of its ongoing efforts.
Azdoufal says that even now, DJI hasn’t fixed all the vulnerabilities he’s found. One of them is the ability to view your own DJI Romo video stream without needing its security PIN. Another one is so bad I won’t describe it until DJI has more time to fix it. DJI did not immediately promise to do so.
And both Azdoufal and security researcher Kevin Finisterre tell me it’s not enough for the Romo to send encrypted data to a US server, if anyone inside that server can easily read it afterward. “A server being based in the US in no way, shape, or form prevents .cn DJI employees from access,” Finisterre tells me. That seems obvious, as Azdoufal lives in Barcelona and was able to see devices in entirely different regions.
“Once you’re an authenticated client on the MQTT broker, if there are no proper topic-level access controls (ACLs), you can subscribe to wildcard topics (e.g., #) and see all messages from all devices in plaintext at the application layer,” says Azdoufal. “TLS does nothing to prevent this — it only protects the pipe, not what’s inside the pipe from other authorized participants.”
When I tell Azdoufal that some may judge him for not giving DJI much time to resolve the issues before going public, he notes that he didn’t hack anything, didn’t expose sensitive data, and isn’t a security professional. He says he was simply livetweeting everything that happened while trying to control his robot with a PS5 gamepad.
“Yes, I don’t follow the rules, but people stick to the bug bounty program for money. I fucking don’t care, I just want this fixed,” he says. “Following the rules to the end would probably make this breach happen for a way longer time, I think.”
He doesn’t believe that DJI really discovered these issues by itself back in January, and he’s irritated the company only ever responded to him robotically in DMs on X, instead of answering his emails.
But he is happy about one thing: He can indeed control his Romo with a PlayStation or Xbox gamepad.
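The distinction Azdoufal draws, that TLS protects the connection while topic-level ACLs protect what an authenticated client may read, is easy to see in a small model of a broker's subscription check. The following is an added example written for this article; it is not DJI's code, not Azdoufal's app, and not a real broker. The topic layout (`devices/<serial>/...`), the serial numbers, the sample messages, and the `Client`, `topic_matches`, `subscription_allowed`, and `deliver` names are all constructed for illustration. It shows the same client asking for the wildcard filter `#` against a broker with no ACL and against one that scopes every client to the device identity it authenticated with.

```python
"""Model of an MQTT broker's subscription authorization (added example).

Assumptions (not from the article): devices publish under
devices/<serial>/<subtopic>, and the broker learns a client's serial at
authentication time rather than trusting anything inside a packet.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    client_id: str
    serial: str  # identity bound at authentication; the only thing ACLs trust


def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT 3.1.1 filter matching: '+' matches one level, '#' the rest.

    Per the spec, 'a/b/#' also matches the parent topic 'a/b'.
    """
    f_levels = filter_.split("/")
    t_levels = topic.split("/")
    for i, part in enumerate(f_levels):
        if part == "#":
            return True
        if i >= len(t_levels):
            return False
        if part != "+" and part != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def subscription_allowed(client: Client, filter_: str) -> bool:
    """Topic-level ACL: allow a filter only if every topic it could ever match
    lies under devices/<client.serial>/.

    The device prefix must be spelled out literally. A '+' or '#' in either of
    those two positions would reach other devices' topics, so it is rejected.
    """
    scope = ["devices", client.serial]
    levels = filter_.split("/")
    if len(levels) < len(scope):
        return False  # e.g. '#' or 'devices/#': wider than one device
    return levels[: len(scope)] == scope


def deliver(client: Client, filter_: str, messages, enforce_acl: bool):
    """Return the (topic, payload) pairs a subscriber would receive.

    With enforce_acl=False the broker behaves like the one described in the
    article: any authenticated client sees whatever its filter matches.
    With enforce_acl=True a disallowed filter is refused outright (the broker
    would answer SUBACK with a failure code) and nothing is delivered.
    """
    if enforce_acl and not subscription_allowed(client, filter_):
        return []
    return [(t, p) for t, p in messages if topic_matches(filter_, t)]


# Constructed sample traffic from three devices; not real DJI telemetry.
SAMPLE_MESSAGES = [
    ("devices/SN0001/telemetry", '{"room":"kitchen","battery":80}'),
    ("devices/SN0001/map", "<floor plan blob>"),
    ("devices/SN0002/telemetry", '{"room":"bedroom","battery":42}'),
    ("devices/SN0003/status", "docked"),
]

OWNER_OF_SN0001 = Client(client_id="app-1", serial="SN0001")


def demo():
    """Compare the two broker policies for the same authenticated client."""
    without_acl = deliver(OWNER_OF_SN0001, "#", SAMPLE_MESSAGES, enforce_acl=False)
    with_acl_wildcard = deliver(OWNER_OF_SN0001, "#", SAMPLE_MESSAGES, enforce_acl=True)
    with_acl_scoped = deliver(
        OWNER_OF_SN0001, "devices/SN0001/#", SAMPLE_MESSAGES, enforce_acl=True
    )
    return {
        "no_acl_wildcard": len(without_acl),      # sees every device
        "acl_wildcard": len(with_acl_wildcard),   # subscription refused
        "acl_own_device": len(with_acl_scoped),   # only its own topics
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count} message(s)")
```

The same scoping has to be applied to publish permissions, otherwise a client can still push commands onto another device's control topic, and the serial the ACL keys on must come from the authenticated credential, never from a field the client supplies in its subscribe or publish packets.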