A security lapse involving thousands of robot vacuums has raised fresh concerns about the privacy risks of internet-connected home devices. The incident, involving Chinese technology company DJI, highlights how easily household gadgets equipped with cameras and microphones can be exposed if software protections fail.
Security flaw exposed during personal coding project
The breach came to light after software engineer Sammy Azdoufal said he unintentionally accessed around 7,000 DJI Romo robot vacuums while experimenting with a PlayStation controller.
Speaking to tech publication The Verge, Azdoufal said his goal was simply to control his own vacuum using a PS5 controller as a hobby project. He was not attempting to access other people’s devices.
To make the controller work, Azdoufal modified how his vacuum communicated with DJI’s servers. He used coding assistance from an AI tool called Claude, developed by Anthropic, to help adjust the communication protocol.
However, after creating a custom app, he discovered he could see far more than his own device.
“I realised I had access to thousands of vacuums,” he said, prompting him to report the issue to DJI.
Camera feeds, audio and home layouts exposed
The vulnerability allowed access not only to mapping data showing the layout of people’s homes, but also to live camera feeds and microphone audio.
This level of access could have allowed someone to monitor activity inside private residences remotely.
DJI confirmed it had fixed the authentication flaw by 24 February, restricting unauthorised access. Shortly afterwards, the Romo vacuum was no longer listed on the company’s online store, although DJI has not publicly confirmed whether the removal was related.
The company has recently faced increased scrutiny globally, including legal action against the US Federal Communications Commission over proposed drone restrictions.
Growing privacy concerns over smart home devices
The incident has renewed broader concerns about smart home security — an issue increasingly relevant in Australia, where robot vacuums and connected home devices have surged in popularity.
Devices with cameras, including baby monitors, security cameras and doorbells, have previously been targeted by hackers.
In 2024, multiple Deebot X2 robot vacuums made by Ecovacs in the United States were reportedly compromised and used to broadcast offensive messages.
Robot vacuums present a unique risk because they move throughout the home, potentially capturing more detailed and varied footage than fixed cameras.
For Australians living in major cities such as Sydney and Melbourne — where apartment living and pet ownership are common — robot vacuums are often relied on not just for cleaning, but also for remote monitoring of pets while owners are away.
Experts warn risks remain despite fix
Although DJI has addressed the specific flaw, the incident highlights the broader risk posed by internet-connected appliances.
Some robot vacuums include features that allow users to remotely view live video from inside their homes. While many devices provide audible alerts when remote viewing is activated, not all models do.
Security experts warn that if a hacker gained sufficient access, they might also be able to disable such alerts.
Consumers concerned about privacy can take simple precautions, such as disabling camera features when not needed or physically covering the lens.
Privacy questions grow as AI and smart devices expand
The breach also reflects the increasing intersection between artificial intelligence and connected home technology. As more devices collect and process personal data, vulnerabilities can potentially expose sensitive information on a large scale.
Australia’s eSafety Commissioner has previously warned consumers to carefully review privacy settings on smart devices and ensure software updates are installed promptly.
Conclusion
While DJI has fixed the flaw and there is no indication the breach was exploited maliciously, the incident serves as a reminder of the risks associated with connected home devices. As robot vacuums and other smart appliances become more common in Australian households, ensuring their security will remain critical to protecting personal privacy.
“Student. Subtly charming organizer. Certified music advocate. Writer. Lifelong troublemaker. Twitter lover.”
