Autonomous Failures

He Just Wanted to Control His Vacuum With a PS5 Controller. Instead, He Accidentally Hacked 7,000 Robot Vacuums.

Sammy Azdoufal didn’t set out to spy on thousands of strangers. The Barcelona-based AI strategist just wanted to control his new DJI Romo robot vacuum with a PlayStation gamepad. Sounds harmless enough.

Instead, using Anthropic’s Claude Code to reverse-engineer the vacuum’s communication protocol, Azdoufal stumbled into a security nightmare that exposed roughly 7,000 robot vacuums across 24 countries — complete with live camera feeds, microphone access, and detailed floor plans of people’s homes.

The Bug That Shouldn’t Exist

Here’s how it worked: Azdoufal extracted his own vacuum’s private security token, the digital key that proves you own your device. But when he connected to DJI’s servers, those servers didn’t just verify his device. They handed him the keys to thousands of other people’s robots too.

Within minutes, Azdoufal could see live video feeds from vacuums cleaning strangers’ living rooms. He could hear audio through their microphones. He could watch them generate precise 2D floor plans of homes, mapping every room’s dimensions. Using IP addresses, he could even pinpoint their rough geographic locations.

“I found my device was just one in an ocean of devices,” Azdoufal told The Verge.

Corporate Damage Control

DJI’s response was classic corporate spin. First, they claimed the issue was “resolved last week” — about 30 minutes before Azdoufal demonstrated live access to thousands of robots, including a journalist’s review unit, in real time.

Later, DJI admitted to a “backend permission validation issue” affecting MQTT-based communication. They issued two patches — one on February 8, another on February 10. The company claims “actual occurrences were extremely rare” and that “no user action is required.”

Security researchers aren’t buying it. The flaw was so basic — no proper topic-level access controls on their message broker — that it raises serious questions about DJI’s security practices. As researcher Kevin Finisterre noted, data stored on U.S. servers doesn’t prevent DJI employees in China from accessing it.
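To make the “topic-level access controls” point concrete, here is an added illustration of what a broker’s authorization hook should do, written for this article rather than taken from DJI’s code or protocol. The topic layout `devices/<device_id>/<channel>`, the token registry, and the device ids are all assumptions. The weak policy checks only that the token is valid and then grants any topic; the strict policy ties every publish and subscribe to the device the token actually proves, and refuses MQTT wildcards in the device-id segment so a single `devices/#` subscription cannot pull every device’s feed.

```python
"""Per-device topic authorization for an MQTT broker.

Added illustration: the topic layout devices/<device_id>/<channel> and the
token registry below are hypothetical, not DJI's protocol.
"""
import hmac
from typing import List, Optional, Tuple

# Constructed sample registry: device token -> device id. A real broker would
# consult its device database; these tokens and ids are made up.
REGISTRY = {
    "tok-aaaa-1111": "dev-0001",
    "tok-bbbb-2222": "dev-0002",
}

TOPIC_PREFIX = "devices"


def device_id_from_token(token: str) -> Optional[str]:
    """Return the device id bound to a token, or None if unknown.

    Every registry entry is compared in constant time so response timing does
    not reveal which tokens exist.
    """
    match = None
    for known, dev in REGISTRY.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            match = dev
    return match


def weak_authorize(token: str, action: str, topic: str) -> bool:
    """The failure mode the article describes: a valid token is enough.

    The device id the token proves is never compared with the topic being
    requested, so any authenticated client can read any device's channels.
    """
    return device_id_from_token(token) is not None


def authorize(token: str, action: str, topic: str) -> bool:
    """Topic-level check: a device may only touch its own subtree.

    action is "publish" or "subscribe". Subscription filters may use the MQTT
    wildcards '+' and '#' only below the device id segment, so filters such as
    devices/+/camera or devices/# are refused.
    """
    device_id = device_id_from_token(token)
    if device_id is None:
        return False
    parts = topic.split("/")
    # Require at least devices/<device_id>/<channel>.
    if len(parts) < 3 or parts[0] != TOPIC_PREFIX:
        return False
    # The device id segment must match exactly; no wildcard may stand in for it.
    if parts[1] != device_id:
        return False
    if action == "publish":
        # MQTT forbids wildcards in publish topics; refuse them outright.
        return not any(c in topic for c in "+#")
    if action == "subscribe":
        # '#' is legal only as the final segment, '+' only as a whole segment.
        for i, seg in enumerate(parts[2:], start=2):
            if "#" in seg and (seg != "#" or i != len(parts) - 1):
                return False
            if "+" in seg and seg != "+":
                return False
        return True
    return False


def deny_report(requests: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (device_id_or_'unknown', action, topic) for each refused request.

    Feeding this to monitoring surfaces a client that authenticates as one
    device but keeps asking for other devices' topics.
    """
    denied = []
    for token, action, topic in requests:
        if not authorize(token, action, topic):
            denied.append((device_id_from_token(token) or "unknown", action, topic))
    return denied


if __name__ == "__main__":
    # Constructed sample traffic: dev-0001 reading its own map, then probing
    # another device's camera and the whole device tree.
    sample = [
        ("tok-aaaa-1111", "subscribe", "devices/dev-0001/map"),
        ("tok-aaaa-1111", "subscribe", "devices/dev-0002/camera"),
        ("tok-aaaa-1111", "subscribe", "devices/#"),
    ]
    for entry in deny_report(sample):
        print("DENIED", entry)
```

The `deny_report` output is the signal a defender wants from the broker: a device that repeatedly requests topics outside its own prefix is either misconfigured or being used the way Azdoufal used his token, and either case deserves an alert.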

Why This Matters

This isn’t just about robot vacuums. It’s about the invisible surveillance infrastructure we’re voluntarily installing in our most private spaces. It’s part of a broader pattern of AI-enabled security disasters — an AI-powered cyberattack recently compromised 600+ FortiGate devices across 55 countries by exploiting the same kind of basic security gaps. These devices have cameras, microphones, and the ability to map our homes — and they’re connecting to cloud servers with security that a hobbyist cracked by accident while trying to use a game controller.

As AI coding tools like Claude Code make reverse-engineering easier, expect more “accidental” discoveries like this. The barrier to finding these flaws is dropping fast. The barrier to fixing them? That seems to be moving much slower — especially when AI coding tools are silently removing the very safety checks that prevent these kinds of vulnerabilities.

Azdoufal eventually got what he wanted: he can now control his Romo with a PlayStation controller. The rest of us got a reminder that the robot in our living room might be looking back — and the lock on that door might not be as secure as we thought. And if AI agents we trust with our email can go rogue on a Meta safety researcher, what happens when they control the cameras in our homes?
