Man accidentally accesses 7,000 DJI vacuums while testing PS5 controller hack

A software engineer accidentally accessed data from nearly 7,000 DJI robot vacuums worldwide while trying to control his device using a PS5 controller.

Published By: Shubham Arora | Published: Feb 26, 2026, 11:10 PM (IST)

What started as a small experiment at home ended up exposing a much larger issue. A software engineer unintentionally accessed data from thousands of connected robot vacuum cleaners while trying to control his own device using a PlayStation 5 controller.

The incident was first reported by The Verge, which detailed how Sammy Azdoufal connected his DJI Romo robot vacuum to a PS5 controller just to see if it could be done.

From fun project to security discovery

Azdoufal reportedly used an AI coding assistant called Claude Code to reverse-engineer how his DJI vacuum communicated with DJI’s cloud servers, then built a simple custom app to control it using the PS5 controller.

While testing it, he realised something was off. The app was not just responding to his own vacuum. It was also pulling in data linked to other DJI Romo units across different parts of the world.

As per The Verge’s report, Azdoufal was able to access information linked to nearly 7,000 robot vacuums across 24 countries. The data reportedly included live camera feeds, microphone audio, battery status, and floor maps generated by the devices.

Demonstrating the scope

To verify the issue, a Verge reporter shared the serial number of a DJI Romo unit being tested for review. Within minutes, Azdoufal was reportedly able to view the device’s location, cleaning status, battery level, and even generate a floor map of the home.

This suggested a backend authentication flaw that allowed responses meant for one device to be accessible through shared credentials.
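One way to picture the check such a flaw leaves out, as an added example that is not from the reports or from DJI's code: it assumes a backend that serves device data by serial number, and every account, token, serial and function name below is constructed for illustration.

```python
# Constructed sample data: the account each vacuum serial is bound to,
# the session tokens issued at login, and the stored device data.
DEVICE_OWNER = {"SN-A001": "alice", "SN-B002": "bob"}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
TELEMETRY = {"SN-A001": {"battery": 81}, "SN-B002": {"battery": 40}}


def authenticate(token):
    """Return the account behind a session token, or None if it is unknown."""
    return SESSIONS.get(token)


def read_device_weak(token, serial):
    """Flawed pattern: any valid login may read whichever serial it names."""
    if authenticate(token) is None:
        raise PermissionError("not authenticated")
    return TELEMETRY[serial]


def read_device_strict(token, serial, audit):
    """Hardened pattern: the serial must be bound to the caller's account."""
    account = authenticate(token)
    if account is None:
        raise PermissionError("not authenticated")
    allowed = DEVICE_OWNER.get(serial) == account
    # Record every decision so cross-device requests can be reviewed later.
    audit.append((account, serial, "allow" if allowed else "deny"))
    if not allowed:
        # Same error for unknown and foreign serials, so neither is confirmed.
        raise PermissionError("device not available")
    return TELEMETRY[serial]


def cross_device_denials(audit, threshold=2):
    """Accounts denied on at least `threshold` distinct serials."""
    denied = {}
    for account, serial, verdict in audit:
        if verdict == "deny":
            denied.setdefault(account, set()).add(serial)
    return sorted(a for a, serials in denied.items() if len(serials) >= threshold)
```

The audit list doubles as a detection source: one account repeatedly denied on serials it does not own is the pattern an operator would want an alert for.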

The story was also covered by Popular Science, which reported that DJI later said the issue had been resolved.

DJI’s response

According to the reports, DJI initially stated that the vulnerability had been fixed. After further coverage, the company again said the issue was resolved, though detailed technical information about the fix was not publicly shared.

Azdoufal, instead of taking advantage of that access, chose to report what he found to media outlets.

Bigger questions around smart devices

The incident puts the focus back on how much smart home devices depend on cloud systems. Robot vacuums today do more than just clean floors. Many come with cameras and sensors that create maps of homes and track movement inside rooms. When that data is stored or processed through cloud servers, security becomes critical.