Man Accidentally Gains Control of 7,000 Robot Vacuums via AI-Assisted Reverse Engineering
Original: Man accidentally gains control of 7k robot vacuums
An Accidental Discovery with Major Implications
Software engineer Sammy Azdoufal wanted to control his DJI robot vacuum with a video game controller. To build a custom app, he used an AI coding assistant to reverse-engineer how the device communicated with DJI's remote cloud servers. What he found was far more significant than expected.
Access to 7,000 Devices
The same credentials that let him see and control his own device also provided access to live camera feeds, microphone audio, floor maps, and status data from nearly 7,000 other vacuums across 24 countries. The backend security bug effectively turned an army of internet-connected home robots into potential surveillance tools — and their owners had no idea.
Had a malicious actor found this vulnerability first, they could have monitored the interior layouts, daily routines, and private conversations of thousands of households worldwide.
The Smart Home Security Problem
The incident illustrates how robot vacuums — equipped with cameras, microphones, and detailed floor maps — are far more than simple appliances. They are potential surveillance devices if security is not rigorously maintained. Notably, this vulnerability was found not by a professional security researcher, but by an ordinary developer who simply wanted a more fun way to use his own device. As AI coding tools lower the barrier to reverse engineering, discoveries like this are likely to become more common.