The Man Who Accidentally Took Control of 7,000 Robot Vacuums

The true story of a robot vacuum hack that was more successful than planned
Controlling a robot vacuum cleaner with a PlayStation 5 controller sounds like the sort of thing somebody would try after a few beers and a YouTube binge. In this case, however, the experiment reportedly ended with access to around 7,000 robot vacuums scattered across 24 countries.
As the story unravelled, there were claims of access to live camera feeds, microphones, home maps, and location data. It was pretty damned intrusive.
What happened?
The shenanigans began earlier this year when a software engineer called Sammy Azdoufal had the awesome idea of seeing if he could drive his DJI Romo vacuum around like a tiny remote-controlled car with his PS5 controller.
It was a harmless plan that required reverse-engineering how the vacuum communicated with its cloud servers.
To help speed things up, he reportedly used Claude. The AI helped him understand the vacuum’s API and backend systems, and eventually he succeeded in his worthwhile task – his robot vacuum hack was a go and he could drive it around with his PS5 controller. All pretty innocent and cool.
Azdoufal makes an alarming discovery
While presumably being pleased with himself, Azdoufal soon made an alarming discovery. Instead of only communicating with his own vacuum, the system appeared to expose information connected to thousands of other devices.
The reports say he could view data from around 7,000 robot vacuums across the world, including camera access, battery status, floor plans, and other information connected to the devices. The robot vacuum hack had been way more successful than he’d anticipated.
It wasn’t a hack in the way you’d imagine, with some hooded youth tapping frantically at their laptop. The issue appeared to stem from weaknesses in the company’s cloud infrastructure and access controls.
The idea that somebody armed with a games controller, an AI assistant, and curiosity could accidentally stumble into thousands of connected devices was alarming. To say the least.
The robot vacuum hack touches a nerve with suspicious tech-types
The story spread rapidly across technology sites and social media, partly because it sounded absurd and partly because it touched on a growing suspicion many people already have that their stuff is spying on them. Modern homes are slowly filling up with internet-connected devices loaded with cameras, microphones, sensors, and mapping systems, and most people rarely think about what any of them are actually doing.
Robot vacuums are one such device, and they have changed dramatically over the last decade. Early versions mostly bounced randomly off furniture while slowly pushing dust around the room. Modern models contain LiDAR scanners similar to the systems used in self-driving vehicles. They build detailed maps of homes, recognise obstacles, connect to cloud services, and in some cases stream video through onboard cameras.
Many owners probably do not think too deeply about what this means. These devices are cool, but they can be a security nightmare.
This isn’t the first such case
Several robot vacuum companies have faced privacy controversies before. In 2022, images reportedly captured by development-testing robot vacuums ended up online after being shared with contractors. Some of the photographs included private moments inside homes.
Regulators and privacy experts have repeatedly warned that smart home devices create enormous amounts of sensitive data, especially when cameras and microphones are involved.
The difference with this story was the scale and the sheer accidental nature of it.
The flaw was reported but it exposed how AI might change things
Sammy Azdoufal responsibly disclosed the flaw after discovering it, and DJI later said the issue had been fixed. Thank god for honest people. Security researchers who looked at the claims said the problem appeared to involve backend permissions that failed to properly separate devices from one another. This is an issue that could affect lots of devices. Be afraid.
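To show what "failing to separate devices from one another" looks like from the defender's side, here is an added example. It is not DJI's code and not from the original reports. It models a generic device-cloud backend, and the account names, serials, log format and function names are all constructed assumptions. It puts a lookup that trusts any valid serial beside one bound to the device's owner, then scans an access log for accounts reading devices they do not own.

```python
from collections import defaultdict

# Constructed ownership table: device serial -> owning account (hypothetical names).
OWNERS = {"vac-001": "alice", "vac-002": "bob", "vac-003": "carol"}
TELEMETRY = {s: {"battery": 80 + i, "map_id": f"map-{i}"} for i, s in enumerate(OWNERS)}


class Forbidden(Exception):
    """Raised when a caller asks for a device it does not own."""


def get_telemetry_weak(account: str, serial: str) -> dict:
    # Weak form: the caller is authenticated, but any valid serial is served.
    return TELEMETRY[serial]


def get_telemetry(account: str, serial: str) -> dict:
    # Hardened form: authorization is bound to the (account, device) pair.
    # Unknown and foreign serials fail the same way, so serials cannot be probed.
    if OWNERS.get(serial) != account:
        raise Forbidden(serial)
    return TELEMETRY[serial]


def cross_tenant_accounts(log_lines, threshold=2):
    """Return {account: foreign serials} for accounts that successfully read at
    least `threshold` devices they do not own. Line format: 'account serial status'."""
    foreign = defaultdict(set)
    for line in log_lines:
        account, serial, status = line.split()
        if status == "200" and OWNERS.get(serial) not in (None, account):
            foreign[account].add(serial)
    return {a: sorted(s) for a, s in foreign.items() if len(s) >= threshold}


# Constructed access log, as the weak endpoint would have produced it.
SAMPLE_LOG = [
    "alice vac-001 200",
    "bob vac-002 200",
    "alice vac-002 200",
    "alice vac-003 200",
]

if __name__ == "__main__":
    print(get_telemetry_weak("alice", "vac-002"))  # served despite the wrong owner
    print(cross_tenant_accounts(SAMPLE_LOG))
```

The same ownership check has to sit on every path that returns device data (camera, maps, status), since a single endpoint that skips it is enough to expose other people's devices.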
The story also highlighted how dramatically AI coding tools are changing software development. Experienced programmers have used coding assistants for years, but systems like Claude and ChatGPT now allow hobbyists to interact with APIs, reverse-engineer systems, and automate technical work far more quickly than before.
This could mean that some new technological discoveries will involve ordinary people experimenting with gadgets in their spare time and accidentally uncovering problems affecting thousands or even millions of users.
Which again, is pretty cool – but also pretty terrifying.