Man's attempt to control his robot vacuum leads to 7,000 devices being inadvertently hacked
Published on Feb 27, 2026 at 3:49 PM (UTC+4)
by Daisy Edwards
Last updated on Feb 27, 2026 at 3:49 PM (UTC+4)
Edited by
Emma Matthews
A man’s attempt to control his robot vacuum led to 7,000 devices being inadvertently hacked, and the story is like the origin story of the cleanest robot overlord in history.
Spanish software engineer Sammy Azdoufal just wanted to drive his DJI Romo robovac around with a PlayStation 5 DualSense controller, because… why not?
With help from an AI coding tool, he built a homemade remote control setup and started poking around how the vacuum talks to DJI’s servers.
Instead of unlocking a fun party trick, he accidentally uncovered a security flaw that opened the door to thousands of other vacuums around the world.
EXPLORE SBX CARS – Supercar auctions starting soon powered by Supercar Blondie
He became an instant robot vacuum overlord
According to reports, tech engineer Sammy Azdoufal’s custom app connected to DJI’s backend in a way that did not properly limit access to just his own device.
The result was as scary as it is hilarious: around 7,000 robot vacuums across roughly two dozen countries started ‘answering’ back.
And these are not dumb little cleaning robots that bonk into chair legs and eat your AirPods anymore.
The DJI Romo reportedly uses cameras and sensors for navigation, which means the accidental access could include things like live video, audio, and detailed home maps.
Yes, home maps, actual floor plans of someone’s living room, generated by their own vacuum.
Importantly, reports say he wasn’t trying to hack the world, and there is no indication he set out to target other users; this was very much a case of tinkering around and accidentally uncovering a very big security flaw.
Click the star icon next to supercarblondie.com in Google Search to stay ahead of the curve on the latest and greatest supercars, hypercars, and ground-breaking technology
7,000 devices being inadvertently hacked was a wake-up call
Azdoufal reportedly disclosed the issue responsibly, and DJI has said it pushed server-side fixes to address the vulnerability.
The conclusion is simple: if a smart gadget has cameras, mics, and cloud access, it needs rock-solid authentication and privacy protections.
Because today it is a curious engineer with a PS5 controller.
Tomorrow, it could be someone with far worse intentions.
DISCOVER SBX CARS: The global premium car auction platform powered by Supercar Blondie
Daisy has been creating tech content for SB since January 2025. With a History and Journalism degree from Goldsmiths University and a background in multimedia journalism, Daisy is always the first to pitch the seed of an idea to the audience editor team, who collab with her to transform it into a fully informative and engaging story.
