- The owner of a DJI Romo has exposed a huge security flaw
- Gained access to a global network of 7,000 robovacs
- DJI says it is busy fixing security vulnerabilities
DJI’s first robot vacuum cleaner, the DJI Romo, is expanding into more markets after launching last year, but it apparently comes with some pretty big security holes that led to one amateur hacker gaining control of 7,000 of the machines.
As The Verge reports, DJI Romo owner Sammy Azdoufal was trying to get his PS5 controller to operate his new robovac when he inadvertently took over thousands of devices. The Azdoufal remote control app, created with the help of Claude Code, went through some pretty basic security measures on DJI’s servers.
Not only could Azdoufal control any of these robovacs, he could also access the video and audio they transmitted and view 2D floor plans of the homes they were in. IP addresses could also be accessed, which meant that the approximate locations of these properties could be calculated, along with everything else.
It appears that the security token Azdoufal used to confirm ownership of his own device was good enough that DJI’s servers also granted access to thousands of other DJI Romos. Even DJI Power portable power stations appeared on the map, reporting diagnostics and statuses.
Corrections are coming
The good news is that DJI fixed this issue, confirming to The Verge that the issue is now “resolved” and, in fact, that “the fix was already in the works prior to the public disclosure.” However, it is very worrying that this was possible in the first place, with so little security in place against attacks.
In fact, new DJI products are banned in the US right now, due to concerns about security protocols and the company’s connections to the Chinese government, and suspicions about espionage and surreptitious data collection will not be allayed by this latest security disaster.
There is actually another safety issue with the DJI Romo, which The Verge has deemed too serious to report openly. DJI says this second problem will be fixed in a few weeks, but it will hardly inspire confidence in anyone looking to buy one of the best robovacs right now.
It’s further proof that smart home devices are some of the worst when it comes to security. We’ve reached out to DJI for an official statement on the reports made by The Verge and will report back if we hear anything.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
