Man Accidentally Gains Control Over 7,000 Robo-Vacuums While Tinkering With Game Controller
A major security flaw was accidentally discovered, exposing live cameras and home maps of 7,000 users worldwide.
A software engineer has accidentally uncovered a critical security vulnerability that exposed approximately 7,000 DJI Romo robot vacuums to unauthorised access.
The flaw, which allowed remote access to live camera feeds, microphones, and detailed home floor plans, was revealed when the user attempted to build a custom application to control his device using a PlayStation controller, according to The Guardian.

The discovery was made by Sammy Azdoufal, an AI strategist based in Spain, who used the AI coding tool Claude Code to reverse-engineer the communication protocols of his new vacuum.
His original intent was a harmless hobbyist project. However, upon connecting to the servers, he found that his credentials granted him access not just to his own unit, but to thousands of others across 24 countries, including the United States, Europe, and China.
Azdoufal clarified to The Verge that the breach did not involve traditional "hacking" techniques such as cracking passwords or bypassing firewalls. Instead, he simply extracted the private authentication token for his own Romo vacuum.
Because of a design oversight in DJI's infrastructure, the server treated his single token as a master key for a significant portion of the global fleet. This allowed him to pinpoint specific devices via serial numbers, monitor battery levels, and view real-time maps of strangers' homes.
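An added illustration, not part of the original report and not DJI's code: a minimal Python model of the difference between a server that only checks that a token is valid and one that also checks that the token is bound to the requested device. The tokens, serial numbers, telemetry values, and function names are all constructed for the example.

```python
# Constructed sample data: tokens, serials and telemetry are made up.
TOKEN_TO_SERIAL = {
    "tok-alice-0001": "SN-AAA-111",
    "tok-bob-0002": "SN-BBB-222",
}
TELEMETRY = {
    "SN-AAA-111": {"battery": 82, "map": "alice-floorplan"},
    "SN-BBB-222": {"battery": 47, "map": "bob-floorplan"},
}


class Forbidden(Exception):
    """A valid token asked for a device it is not bound to."""


def authenticate(token):
    """Return the serial the token was issued for, or None if unknown."""
    return TOKEN_TO_SERIAL.get(token)


def get_telemetry_flawed(token, serial):
    """Authentication only: any valid token can read any serial,
    which mirrors the 'master key' behaviour the article describes."""
    if authenticate(token) is None:
        raise PermissionError("unknown token")
    return TELEMETRY[serial]


def get_telemetry_scoped(token, serial, audit_log):
    """Authentication plus per-device authorization.
    Denied cross-device requests are recorded for later review."""
    bound = authenticate(token)
    if bound is None:
        raise PermissionError("unknown token")
    if bound != serial:
        audit_log.append(
            {"token_device": bound, "requested": serial, "result": "denied"}
        )
        raise Forbidden(f"token is not bound to {serial}")
    return TELEMETRY[serial]
```

The audit entries written by the scoped handler give operators a signal to alert on when one token repeatedly requests devices it does not own.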
DJI has since addressed the issue, reportedly deploying two automatic patches between 8 and 10 February.
The company stated that the updates were applied remotely and required no manual intervention from users.
Despite these fixes, Azdoufal warned that certain risks may persist, including a vulnerability that could allow video streaming without a security PIN. He noted that the fundamental problem was not the encryption used during data transmission, but rather that sensitive telemetry was stored in a way that was easily accessible once the server connection was established.
For Malaysian consumers, these recurring security lapses highlight the growing risks associated with the Internet of Things (IoT).
While smart appliances offer undeniable convenience, they also introduce potential surveillance points into the home. Security experts advise that if a hobbyist can stumble upon the private data of thousands of individuals by accident, a targeted attack by malicious actors could have devastating consequences for personal privacy.

