Man Accidentally Gains Control of 7,000 Robot Vacuums
Slashdot
by EditorDavidFebruary 22, 2026
AI-Generated Deep Dive Summary
A software engineer named Sammy Azdoufal accidentally gained control of nearly 7,000 robot vacuums while attempting to build a custom remote-control app for his own device. Using an AI coding assistant, he reverse-engineered how the vacuum communicated with DJI's cloud servers. However, this effort exposed a critical security flaw: the same credentials that allowed him to control his vacuum also provided access to live camera feeds, microphone audio, maps, and status data from 7,000 other vacuums across 24 countries. This backend vulnerability could have enabled potential exploitation, turning these robots into covert surveillance tools without owners' knowledge.
Azdoufal discovered that he could even compile 2D floor plans of the homes where the affected vacuums were operating by analyzing their IP addresses. The breach was a significant security issue, as it exposed sensitive data about thousands of users. Fortunately, Azdoufal chose to act responsibly by sharing his findings with *The Verge*, which promptly alerted DJI to the flaw. In response, DJI addressed the issue through two software updates: an initial patch on February 8 and a follow-up update completed on February 10.
This incident highlights the importance of securing internet-connected devices and the potential risks associated with IoT (Internet of Things) technologies. While Azdoufal's actions were not malicious, his discovery underscores how vulnerabilities in connected systems can be exploited unintentionally. The story also serves as a reminder of the ethical responsibility researchers have when uncovering such flaws, as well as the need for manufacturers to prioritize robust security measures.
For readers interested in tech and cybersecurity, this case illustrates both the innovative potential of technology and
Verticals
tech
Originally published on Slashdot on 2/22/2026