A man trying to control his DJI Romo vacuum with a PlayStation 5 controller inadvertently gained remote access to about 7,000 Romo vacuums worldwide, enabling him to see inside peoples homes over the internet.
As The Verge reported earlier this month, Sammy Azdoufal built a remote control app to use his PS5 controller to control the DJI Romo. DJI released the Romo last year, leveraging its expansive drone technology, including obstacle-detection imaging and binocular fisheye vision sensor. Azdoufals app connected to DJIs global servers, granting him an incredible level of access.
Azdoufal told The Verge that he could remotely view and listen in on Romo vacuum camera systems worldwide, and even use an individual robots IP address to track down its approximate location. Azdoufal even showed The Verge a live demo of his app in action, which could also connect to DJI Power portable battery stations.
The Verge even tested it in real time, having Azdoufal try to find a unit that Thomas Ricker of The Verge recently reviewed. Sure enough, Azdoufal pulled up the robot using its serial number, obtained an accurate floor plan of Rickers apartment, and accessed a live video feed.
Although this all sounds very nefarious, Azdoufal claims he achieved this remarkable level of access without ever breaking any rules, bypassing security, or hacking anything. He took a private token from his own Romo, and, for whatever reason, DJIs servers granted him access to everything, including pre-production DJI servers.
Oupss https://t.co/lqUswFk8CU pic.twitter.com/jjgoIk86Lm — Sam (@n0tsa) February 6, 2026
Even before The Verge saw Azdoufals app in action, it told DJI about it, and the company said it had already fixed the security vulnerabilities. However, as evidenced by the live demo Azdoufal provided The Verge, that was not the case. Security vulnerabilities can be complicated and challenging to fix, of course, but its concerning that something like this was even possible in the first place.
This is far from the first time a piece of home tech has had security vulnerabilities, and unfortunately, it is unlikely to be the last.
However, The Verge puts it very well: people who put a camera into their home expect that data to be protected, both in transit and once it reaches the server.
As of now, there are still vulnerabilities with the DJI Romo, which DJI tells The Verge it will resolve in weeks. The publication and Azdoufal are fortunately keeping some of them under wraps until they are completely fixed.
