User accidentally gains control of over 6,700 robot vacuums while tinkering with their own device to enable control with a PlayStation controller — security flaw reveals floor plans and live video feeds
Summary
In February 2026, an accidental security discovery exposed one of the most striking IoT vulnerabilities in recent years. Sammy Azdoufal, an AI strategist, purchased a DJI Romo robot vacuum—the company's first smart vacuum model—and wanted to enhance his experience by controlling it with his PlayStation 5 gamepad rather than using the standard app. To accomplish this, he used Anthropic's Claude Code AI coding assistant to reverse-engineer the protocol used by the DJI Romo to communicate with its cloud servers. Instead of merely unlocking control of his own device, his custom app accidentally opened a door to approximately 6,700 to 7,000 DJI Romo robot vacuums operating across 24 different countries worldwide.
The scope of access was alarming. Azdoufal could view live camera feeds from the vacuums, listen through onboard microphones, access automatically generated 2D floor plans of homes, and remotely control the devices. Using just a 14-digit serial number, he could pinpoint a specific vacuum's location and observe its real-time status—battery level, which rooms it was cleaning, obstacles it encountered, and when it was returning to charge. Within nine minutes of connecting to DJI's servers, his system had cataloged 6,700 devices and collected over 100,000 data messages. The technical root cause was embarrassingly basic: DJI's MQTT message broker (the protocol handling communication between devices and servers) lacked topic-level access controls, allowing anyone authenticated with a single device token to read traffic from all other devices in plaintext.
Azdoufal's discovery came to light when he demonstrated the vulnerability to The Verge, which published detailed reporting in mid-February 2026. DJI responded with initial confusion—a company spokesperson claimed the issue had already been fixed the previous week, a statement contradicted mere minutes later when Azdoufal demonstrated thousands of live, actively reporting devices to the publication. DJI subsequently acknowledged a "backend permission validation issue" and released patches on February 8 and 10, 2026. The company later acknowledged additional vulnerabilities discovered by Azdoufal, including a PIN bypass for camera feeds, and awarded him $30,000 in recognition of responsible disclosure.
This incident highlights a broader, alarming pattern in IoT device security. Robot vacuums represent a particularly concerning category: they map the interior layout of homes, often include cameras and microphones for navigation and monitoring, and operate continuously connected to manufacturer cloud infrastructure. In 2024, Ecovacs vacuum owners experienced real-world attacks where hackers remotely controlled devices to shout racial slurs through speakers. Similar vulnerabilities appeared in competing brands including Dreame and Narwal vacuums. Regulatory responses are beginning to emerge—the EU's Cyber Resilience Act will mandate security-by-design for connected products by December 2027, while the UK's Product Security and Telecommunications Infrastructure Act banned default passwords on smart devices in April 2024—but enforcement remains challenging for products manufactured in jurisdictions like China.
Key Takeaways
Sammy Azdoufal used Claude Code AI to reverse-engineer his DJI Romo vacuum protocol for PlayStation 5 control, but gained unauthorized access to approximately 6,700-7,000 devices worldwide instead of just his own, spanning 24 countries across the US, Europe, and Asia.
The vulnerability allowed access to live camera feeds, microphone audio, automatically generated 2D floor plans of homes, IP address locations, and complete remote control of affected vacuums—exposing sensitive home security information and enabling surveillance of thousands of households.
The technical failure was a textbook backend security flaw: DJI's MQTT message broker lacked topic-level access controls, allowing any authenticated user with a single device token to read plaintext traffic from thousands of other devices, violating the principle of least privilege.
Within nine minutes of initial connection, Azdoufal's system cataloged 6,700 devices and collected over 100,000 messages; he verified access by pinpointing a Verge journalist's specific vacuum using only its serial number and confirming its real-time status and home layout.
DJI initially mishandled the disclosure by falsely claiming the vulnerability was already patched, immediately contradicted when Azdoufal demonstrated live access to thousands of active devices; the company subsequently issued patches on February 8 and 10, 2026, and awarded $30,000 for responsible disclosure.
Robot vacuums represent a high-risk category of IoT devices due to their continuous connectivity, onboard cameras and microphones for navigation, and automatic generation of detailed home floor plans that are now exposed to unauthorized access.
This incident follows a documented pattern of widespread robot vacuum security failures: Ecovacs devices were hijacked in 2024 to verbally abuse owners, while 2025 revealed similar vulnerabilities in Dreame and Narwal models, indicating systemic industry-wide security negligence.
The use of AI coding assistants like Claude Code significantly lowers the technical barrier for offensive security research, as Azdoufal decompiled the mobile app, understood the protocol, and built a functional attack in hours rather than requiring specialized security expertise.
Emerging regulations including the EU's Cyber Resilience Act (mandatory by December 2027) and the UK's PSTI Act aim to address these failures, but enforcement against manufacturers in China and other jurisdictions remains challenging and inconsistent.
Experts recommend separating IoT devices onto guest networks, carefully reviewing manufacturer security practices before purchase, keeping firmware updated, disabling unnecessary features (like cameras on vacuums that can navigate via LiDAR alone), and physically covering device lenses when not in use.
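The MQTT authorization gap named in the summary and the third takeaway above, as an added Python illustration that is not code from the article or from DJI: a broker-side check that binds an authenticated session to its own device's topics, beside a simulation of what a single token sees with and without that check. The topic layout romo/<serial>/<channel> and the sample traffic are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Assumed topic layout for this example: romo/<14-digit serial>/<channel>.
# Not DJI's real scheme; only the 14-digit serial length comes from the reporting.
ROOT = "romo"
SERIAL_RE = re.compile(r"^\d{14}$")

@dataclass(frozen=True)
class Session:
    """What the broker knows after authentication: the device the token is bound to."""
    device_serial: str

def authorize(session: Session, topic_or_filter: str) -> bool:
    """Topic-level ACL: root and serial levels must be literal and equal the
    session's own device, so 'romo/#' or 'romo/+/camera' can never be granted."""
    levels = topic_or_filter.split("/")
    return (
        len(levels) >= 3
        and levels[0] == ROOT
        and SERIAL_RE.fullmatch(levels[1]) is not None
        and levels[1] == session.device_serial
    )

def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT filter matching: '+' matches one level, '#' (last level) the remainder."""
    f, t = filter_.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def visible_messages(session, filters, messages, enforce_acl):
    """Simulate delivery to one session: enforce_acl=False reproduces the reported
    state (one token sees every device), enforce_acl=True applies the missing check."""
    allowed = [f for f in filters if not enforce_acl or authorize(session, f)]
    return [(topic, payload) for topic, payload in messages
            if any(topic_matches(f, topic) for f in allowed)]

# Constructed sample traffic from two devices (serials are made up).
MESSAGES = [
    ("romo/12345678901234/status", "battery=82;room=kitchen"),
    ("romo/12345678901234/map", "floorplan-v2"),
    ("romo/98765432109876/status", "battery=40;room=bedroom"),
    ("romo/98765432109876/camera", "frame-0001"),
]
```

With the check disabled, a wildcard subscription from one device's session returns all four messages; with it enabled, the same subscription is refused and only a filter scoped to the session's own serial is delivered.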
About
Author: Jowi Morales (Tom's Hardware); Original reporting by Sean Hollister (The Verge)
Publication: Tom's Hardware
Published: 2026-02-25
Sentiment / Tone
The article maintains a tone of serious concern combined with mild bemusement at the absurdity of the vulnerability. The Tom's Hardware piece is straightforward and factual with a slightly incredulous headline ("Did he just unintentionally raise his own robot army?"), while the original Verge reporting by Sean Hollister conveys genuine alarm at what he witnessed during the live demonstration. Across coverage, there's a consistent theme of frustration with manufacturers' negligence—described as "textbook security failures" and "embarrassingly basic" flaws—paired with recognition that Azdoufal bears no malicious intent and acted responsibly by disclosing the issue. The overall narrative frames this as emblematic of a systemic problem in the IoT industry rather than a novel technical breakthrough. The author positions the vulnerability as both darkly comedic (a hobbyist gaining control of 7,000 devices through a gaming controller modification) and deeply alarming (unprecedented surveillance access to thousands of homes).
Hobby coder accidentally creates vacuum robot army | Malwarebytes: Comprehensive security analysis by Danny Bradbury explaining the textbook backend security failure, the role of AI tools in lowering the barrier to advanced offensive security, and regulatory context including the EU Cyber Resilience Act and UK PSTI.
Ecovacs robot vacuums get hacked | Kaspersky: Detailed technical analysis of the 2024 Ecovacs vacuum hacking incidents where hackers remotely controlled devices to shout slurs, explaining the PIN code vulnerability and how attackers intercepted authentication tokens on insecure networks.
**About the Author and Key Players**: Jowi Morales is a tech writer who has covered hardware and consumer electronics since 2021. The original comprehensive reporting came from Sean Hollister, a senior editor and founding member of The Verge with 15 years of experience editing major tech publications (CNET, Gizmodo, Engadget), lending significant credibility to the technical details. Sammy Azdoufal is described as an "AI strategist" or "software engineer specializing in AI strategy," indicating he has legitimate technical expertise—his use of Claude Code was practical problem-solving, not malicious intent.
**Broader Context and Pattern**: This incident sits within a well-documented pattern of IoT failures. The predecessor incident involved Ecovacs vacuums in 2024, where hackers (not security researchers) hijacked devices across US cities to verbally abuse owners. Security researchers Dennis Giese and Braelynn Luedtke presented detailed hacking methods at DEF CON 32 in August 2024, identifying PIN bypass vulnerabilities that Ecovacs failed to adequately address. In 2025, similar flaws were found in Dreame X50 Ultra and Narwal vacuums. This suggests systemic manufacturer failure rather than isolated incidents. South Korea's consumer watchdog tested six brands in 2024; while Samsung and LG performed well, three Chinese models showed serious vulnerabilities.
**Role of AI in Security**: The Malwarebytes analysis emphasizes a critical implication: Azdoufal used Claude Code to decompile DJI's mobile app, reverse-engineer protocols, extract his own authentication token, and build a functional attack client—all in hours. This demonstrates that AI coding assistants are dramatically lowering the technical barrier for offensive security research. The population capable of probing IoT protocols has expanded far beyond traditional security researchers, fundamentally changing the threat landscape.
**Regulatory Landscape**: The EU's Cyber Resilience Act will require mandatory security-by-design for connected products sold in the EU by December 2027, with fines up to €15 million. The UK's Product Security and Telecommunications Infrastructure Act (PSTI), effective April 2024, became the world's first law explicitly banning default passwords on smart devices. The US Cyber Trust Mark is voluntary. However, enforcement against Chinese manufacturers who ignore CISA coordination requests remains a practical challenge.
**DJI's Response**: The company initially claimed the vulnerability was already fixed, contradicted minutes later when Azdoufal demonstrated thousands of live devices still reporting in. This mishandling damaged credibility. DJI later acknowledged backend permission validation issues and released patches on February 8 and 10, 2026. The $30,000 award (comparable to industry bug bounties for critical vulnerabilities) suggests DJI recognized the severity and treated Azdoufal's disclosure professionally once the demonstration forced clarity.
**Fact Verification**: Multiple independent sources (The Verge, Malwarebytes, Kaspersky, The Guardian, Inc., Financial Express, ZME Science) confirm the core details. Dates align: original discovery around February 14, 2026 (Valentine's Day), patches February 8 and 10 (before the public disclosure), payment announcement following. The 6,700-7,000 device count is consistent across sources, as is the 24-country distribution.
**Potential Biases and Limitations**: The coverage is uniformly critical of DJI and the broader IoT industry, which is deserved but somewhat one-sided. No coverage interviewed DJI engineers about legacy constraints or the difficulty of retrofitting security to deployed systems. The incident highlights failures of Chinese manufacturers but doesn't explore whether this is a systematic issue across all IoT makers or localized to cost-cutting decisions in that region. Some sources emphasize the "accidental" nature to humanize Azdoufal, which is fair, but could minimize the significance of what a truly malicious actor could have done.
Topics
IoT security vulnerabilities, MQTT protocol flaws, smart home privacy, robot vacuum security, DJI Romo, backend permission validation, responsible disclosure, AI-assisted security research