Tinkerer accidentally gets access to thousands of DJI Romo robot vacuums

• One user accidentally gained access to thousands of DJI Romo vacuums worldwide
• Sensitive data, including floor plans and live video feeds, was exposed online
• Encryption of communications was intact, yet server storage remained completely unprotected

A hobbyist discovered that his DJI Romo vacuum unintentionally allowed access to thousands of other devices.

Sammy Azdoufal, an AI strategist, used reverse engineering to understand how the Romo communicated with DJI servers. He did not hack into DJI systems or bypass encryption, and he did not use brute force or other illicit methods.

He was attempting to control his own robot using a PlayStation controller when the protocol returned private tokens for additional vacuums, including more than 6,700 devices located across multiple regions, including the United States, Europe, and China.