Tinkerer Gains Access to 7K Robot Vacuums

A French software engineer tinkering with his $2,000 robot vacuum wound up with the virtual keys to thousands of other people's homes. Sammy Azdoufal tells the Verge he was trying to figure out how to control his DJI Romo vacuum with a video game controller as a fun experiment. He used an AI coding tool to reverse-engineer how the bot talked to DJI's servers—and discovered that the same credentials granting him control of his own device unlocked live video, audio, maps, and location data from nearly 7,000 vacuums in 24 countries, reports Popular Science.

Azdoufal the contacted the Verge, which alerted DJI. The company says it had already identified the flaw in its DJI Home system and issued automatic patches that are now in place. Users do not need to take any action. The episode lands amid broader concerns over what internet-connected home gadgets can see and store, from Ring cameras to Google's Nest devices, and as lawmakers continue to raise red flags about Chinese-made tech like DJI's. Before the patches took effect, Azdoufal gave a first-hand look at video of the breach to Sean Hollister of the Verge. "I couldn't believe my eyes," writes Hollister.