tech

February 15, 2026

The DJI Romo robovac had security so poor, this man remotely accessed thousands of them

Posts from this topic will be added to your daily email digest and your homepage feed.

The DJI Romo robovac had security so poor, this man remotely accessed thousands of them

TL;DR

  • Sammy Azdoufal unintentionally gained remote access to around 7,000 DJI robot vacuums globally while trying to control his own with a PS5 gamepad.
  • He could control the vacuums, view live camera feeds, and map out rooms using only the vacuum's IP address and MQTT data packets.
  • Azdoufal claims he did not hack DJI's servers but rather exploited a flaw in how the servers provided data associated with his own vacuum's token.
  • DJI initially claimed the vulnerability was fixed but later admitted to a backend permission validation issue, stating it was fully resolved after further updates.
  • Despite the patches, Azdoufal suggests some vulnerabilities, like bypassing security pins for video streams, may still exist.

Continue reading the original article