When people refer to it as “the man who hacked 7,000 Roombas,” the narrative is undermined because the robot in question wasn’t an iRobot Roomba at all. It was Romo from DJI. However, the moniker endures because it encapsulates the eerie essence: a tiny disc-shaped assistant that glides beneath couches, charts your hallways, and stealthily gathers the kind of data you wouldn’t give to a stranger at the door.
How banal this episode starts is what makes it so unsettling. Instead of hunting down victims, Azdoufal was attempting to control his own vacuum using a video game controller—a weekend hobby that seems almost harmless in a world of doomscrolling. A living room, a robot the size of a small dog when docked, a racing game controller, and a developer mindset that views every locked door as an opportunity to discover how the hinges operate make up the reportedly cinematic setup.
| Item | Details |
|---|---|
| Person at the center | Sammy Azdoufal (Spanish software engineer/tech strategist, per reporting) (The Verge) |
| What he found | A backend authorization flaw that let one account’s credentials expose data from ~7,000 robot vacuums across ~24 countries (The Verge) |
| Device involved | DJI Romo robot vacuum (cloud-connected, sensor-heavy home robot) (The Verge) |
| Data potentially exposed | Live camera feeds, microphone audio, maps/floor plans, status data, IP-based location clues (The Verge) |
| How it started | A DIY attempt to control his vacuum with a game controller (reported as a PS5 controller in multiple accounts) (The Verge) |
| Fix status (reported) | DJI said it addressed the issue via updates deployed Feb 8 and Feb 10, 2026 (Popular Science) |
| Why it matters | Similar robot-vac hacks have shown real-world spying potential (e.g., Ecovacs incidents reported by ABC News) (ABC News) |
| Authentic reference link | The Verge’s report on the DJI Romo vulnerability (The Verge) |
He needed his homemade app to connect to DJI’s cloud, which is where the official app connects when you pull up a map or schedule a cleaning, in order to accomplish this. The plot loses its cuteness at that point. The credentials that demonstrated that he “owned” his Romo did more than simply unlock his device during the reporting. Thousands were opened. The effect appeared to be a “master key,” though it’s still unclear if that’s the appropriate metaphor. It included feeds, microphones, maps, and device status from about 7,000 machines located in about two dozen countries.
The number alone isn’t the unnerving aspect. It’s the feel of what those figures stand for. A robot vacuum learns the shape of your house in addition to knowing that you have one. The slender hallway connecting the bathroom and bedroom is depicted. The chair that is constantly pulled out at an angle is noticed. Because a toddler dropped it in the same place twice, it runs into the same toy twice. Until you realize that privacy is all about small details, those details seem insignificant.
It seems like the smart-home sector is constantly urging us to embrace the “trust us” design principle. Convenience is always the selling point: let the thermostat anticipate your routine, let the doorbell recognize a face, and let the vacuum clean while you’re away. However, in reality, convenience typically translates to “cloud.” Furthermore, cloud frequently implies that someone, somewhere, created a permissions system that must be flawless every day, forever, across all updates, regions, and hurried sprints. Even for businesses that prioritize security, that’s a high standard. Many don’t.
DJI claimed to have swiftly identified and resolved the vulnerability, deploying updates on February 8 and February 10, 2026, without the need for user intervention. As far as this particular hole is concerned, that may be true, and it sounds comforting. However, it’s difficult to ignore how frequently these stories have the same conclusion: a researcher discovers something significant, the business fixes it, and customers are left wondering what else might be hiding behind the plasterboard.
Robotic vacuums have already ventured into the realm of the spooky before. A demonstration of remote access to an Ecovacs vacuum‘s camera feed was covered by Australia’s ABC in 2024. Subsequent reporting detailed actual instances of hacked vacuums harassing people by rolling around, emitting profanities, and transforming a household device into a taunting presence. You can sense the atmosphere change from “lol, weird” to “this is a surveillance device with a mop attachment” as you watch those episodes play out.
The more serious concern is that the obstacle to mischief keeps falling. According to reports, Azdoufal relied on an AI coding assistant to reverse-engineer the Romo’s communication with the cloud. That detail is important because AI alters who can move quickly, not because it is inherently bad. The traditional gatekeeping has been eroding due to time, specialized knowledge, and obscure tooling. A determined adversary doesn’t need to be exceptionally intelligent if a curious tinkerer can unintentionally trip a global privacy hazard. All they need to do is keep going.
This irony, which verges on dark humor, is that the robots that come into our homes to dust are also gathering the personal details of our lives. And all too frequently, the industry responds with a promise and a patch note. Perhaps that will suffice this time. Perhaps it isn’t. However, the trend is clear—more sensors, more autonomy, more “helpfulness”—and it’s difficult to deny the feeling that we’re creating a future in which the room with the weakest backend permissions is the most private in your house.
Follow Live Media News on Google News
Get Live Media News headlines in your feed — and add Live Media News as a preferred source in Google Search.
Stay updated
Follow Live Media News in Google News for faster access to breaking coverage, reporting, and analysis.
- Search any trending topic on Google (for example: Greece news).
- On the results page, find the Top stories section.
- Tap Preferred sources and select Live Media News.