
‘Maybe It Wasn’t a Bug…’ Internet Weighs In on Man Who Discovered He Could Access 7,000 Robotic Vacuums

What would you do if you had a global army of robot vacuums at your command?

There are probably plenty of people whose first thought would be to cook up some sort of mischief, harmless or otherwise.

But when it actually happened to Sammy Azdoufal, a Spanish software engineer, he ultimately decided to… report the issue to the vacuum manufacturer.

But not before contacting tech expert Sean Hollister at The Verge to demonstrate the startling vulnerability.

It all started when Azdoufal had the bright idea to connect his DJI Romo robot vacuum to a PlayStation 5 game controller.

“But when his homegrown remote control app started talking to DJI’s servers, it wasn’t just one vacuum cleaner that replied,” Hollister reported. “Roughly 7,000 of them, all around the world, began treating Azdoufal like their boss.”

Azdoufal found he could control other vacuums, monitor their audio and video, and watch them map out houses.

When he demonstrated his extraordinary level of access, Hollister wrote, “I couldn’t believe my eyes.”

“I watched each of these robots slowly pop into existence on a map of the world. Nine minutes after we began, Azdoufal’s laptop had already cataloged 6,700 DJI devices across 24 different countries and collected over 100,000 of their messages,” he continued.

“If you add the company’s DJI Power portable power stations, which also phone home to these same servers, Azdoufal had access to over 10,000 devices.”

Azdoufal told Hollister he hadn’t hacked into the company’s servers or done anything else illegal.

He just accessed his own data on the company’s servers, and they provided him access to thousands of other customers’ data, too.


Days after Azdoufal and Hollister notified the company about the vulnerabilities, DJI had corrected them.

News outlets across the globe picked up on Hollister’s story in The Verge, and the story went viral.

Another tech expert, Mark Gadala-Maria, garnered millions of views with a post about it on social media platform X. He called the story “insane” — and not only because Azdoufal’s high-tech vacuum retails for somewhere around $2,000.

That post drew plenty of comments from readers, who had some thoughts on the situation.

“I was wondering why the vacuum kept following my [girlfriend] to the shower,” one joked.

Another professed to be a “bit disappointed he did not even attempt a minor coup with 7,000 vacuums.”

More than one was skeptical about how quickly the company plugged the “leak.”

“The funniest part is ‘DJI fixes it in two days,’” one observed. “They had the ability to fix it that fast the whole time. They just never bothered until someone publicly embarrassed them.”

“The real story here is how many other [Internet of Things] devices have this exact same flaw but haven’t had a curious engineer with an Xbox controller stumble upon it yet,” another remarked.

“Maybe it wasn’t a bug … Maybe it was a feature,” one observed. “Maybe lots of Chinese electronics have this feature.”

Gadala-Maria confirmed that theory in a response to a similar post: “if you have a Chinese device in your home with a camera you can safely assume it’s being monitored by CCP,” he wrote.

Aside from those rather troubling observations, it looks like a happy ending all around for Azdoufal.

Not only does he now have a robot vacuum (or a “stupidly expensive floor cleaner,” as Gadala-Maria called it) that he can control with his PS5, the Times of India recently quoted DJI as saying it plans to pay him a $30,000 reward for discovering the security flaw.

You might even say he “cleaned up” on the deal.
