Software engineer accidentally hacks 7,000 DJI robot vacuums worldwide using PlayStation 5 controller

What started as a fun weekend project to control a robot vacuum cleaner with a PlayStation 5 gamepad turned into the accidental discovery of a major security vulnerability, allowing one software engineer to remotely access and view data from approximately 7,000 DJI Romo robot vacuums scattered across 24 countries.

Sammy Azdoufal, a software engineer specialising in AI strategy, purchased a new DJI Romo – the company’s first robot vacuum cleaner – and decided to tinker with it by connecting it to his PS5 controller for manual steering. Using the AI coding assistant Claude Code, he reverse-engineered the communication protocol between the Romo and DJI’s cloud servers, then built a custom app to send commands and receive responses.