The Unintentional Hacker: How One Individual Took Over 7,000 Robots

Name: The Accidental Hacker.

Age: Sammy Azdoufal’s age is irrelevant in this context. What truly matters is the significance of his actions, especially as they relate to today’s technological landscape.

So, what exactly did Azdoufal do? He connected his DJI Romo vacuum cleaner to his PS5 controller.

And why would someone do that? As he explained to the New York-based tech publication, The Verge, it was simply because he thought it would be amusing.

Fair enough! But how did he manage to pull this off? Azdoufal employed an AI coding assistant known as Claude Code to reverse-engineer the communication protocol between his robot vacuum and DJI’s remote cloud servers.

This is getting complicated! I admit, I’m also struggling to grasp it fully. But here’s the deal: Azdoufal is a software engineer and the head of AI strategy at a vacation rental company, so he’s familiar with this kind of work. What’s truly fascinating, though, is what unfolded next …

So, what happened afterward? Did he just lounge on the sofa, steering his vacuum cleaner with a joystick? That might actually be fun, albeit somewhat counterproductive for a device designed to automate cleaning tasks. Yet, what he discovered went way beyond mere amusement: he realized he could not only control his own vacuum but also had unauthorized access to data from numerous other robot vacuums!

What kind of data are we talking about? Azdoufal stumbled upon live camera feeds, audio from microphones, and detailed maps from nearly 7,000 devices spanning 24 countries.

Tinker Tailor Cleaner Spy! Well, sort of an unintentional spy. Yes, Azdoufal uncovered a backend security flaw that could potentially allow countless internet-connected vacuum cleaners—which also act as surveillance devices—to spy on their owners without anyone being the wiser.

That’s incredible! So, what did he do with this newfound capability? To the surprise of many, Azdoufal took his findings directly to The Verge. One of its reporters provided him with the serial number of a DJI Romo vacuum he had been testing for a review; within minutes, Azdoufal could see it agitating the reporter’s living room, aware that it had 80% battery life remaining. Additionally, he was able to generate and transmit a complete floor plan of the house!

That’s downright chilling. Does this mean that more malicious individuals could potentially exploit these robot vacuum cleaners for spying purposes? The Chinese company DJI, also known as Shenzhen Da-Jiang Innovations Sciences and Technologies Ltd, initially informed The Verge that the issue had “been resolved.” However, Azdoufal claimed that DJI hadn’t addressed all of the vulnerabilities he had identified. Since The Verge published its exposé, DJI has additionally communicated with Popular Science to assert that the issue has been “resolved”.

Well, of course they would. Nevertheless, this incident serves to underscore important warnings and concerns regarding smart home devices and robots, particularly how they could be targeted by hackers—or may already be.

What you should say: “Yeah, I get it. You’ve got cameras and a slightly unsettling smile, but I’m sticking with my trusty Henry. After all, you can’t actually see … can you?”

However, don’t say: “You missed a spot in the corner—yes, you there in Taipei. And, by the way, we’re watching you.”