- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Spanish Engineer Accidentally Hijacks 7,000 Robot Vacuums Worldwide
Security flaw gave him access to devices' cameras, microphones, and home layouts across 24 countries
Published on Feb. 27, 2026
Got story updates? Submit your updates here. ›
A Spanish software engineer named Sammy Azdoufal accidentally gained control of around 7,000 DJI Romo robot vacuums across the globe after attempting to reverse-engineer his own device to work with a PlayStation 5 controller. The security flaw gave Azdoufal the ability to access the devices' servers, view live camera feeds, activate microphones, and map home layouts in 24 countries. Azdoufal alerted tech outlet The Verge to the vulnerability, prompting DJI to confirm the issue and state that it has been resolved.
Why it matters
This incident highlights the potential security risks posed by internet-connected smart home devices, as a single vulnerability can allow bad actors to gain widespread access to people's private spaces and data. It also raises concerns about the security standards of major tech companies producing these types of AI-powered gadgets.
The details
Azdoufal, the head of AI at a property management and travel group in Spain, said his attempt to reverse-engineer his DJI Romo vacuum cleaner to work with a PlayStation 5 controller using artificial intelligence inadvertently gave him access to the device's servers across 24 countries. Even without hacking into DJI's servers, Azdoufal was able to hijack thousands of the bots, spy through their cameras, activate microphones, map home layouts, and track devices using IP addresses.
- Azdoufal alerted The Verge to the security flaw in February 2026.
The players
Sammy Azdoufal
A Spanish software engineer who accidentally gained control of around 7,000 DJI Romo robot vacuums across the globe after attempting to reverse-engineer his own device.
DJI
A Chinese tech company known for its AI-powered gadgets, including the DJI Romo robot vacuum. DJI confirmed the security flaw and stated that it has been resolved.
What they’re saying
“I found my device was just one in an ocean of devices.”
— Sammy Azdoufal, Spanish software engineer (The Verge)
“I didn't infringe any rules, I didn't bypass, I didn't crack, brute force, whatever.”
— Sammy Azdoufal, Spanish software engineer (The Verge)
“DJI can confirm the issue was resolved last week and remediation was already underway prior to public disclosure.”
— Daisy Kong, DJI spokesperson (The Verge)
What’s next
DJI stated that it will continue to implement additional security enhancements as part of its ongoing efforts to address potential vulnerabilities.
The takeaway
This incident highlights the need for tech companies to prioritize robust security measures for their internet-connected devices, as a single vulnerability can lead to widespread privacy and security breaches. It also underscores the importance of responsible disclosure and collaboration between researchers and manufacturers to identify and resolve such issues before they can be exploited.
New York top stories
New York events
Mar. 9, 2026
Banksy Museum - Flexiticket
Mar. 9, 2026
The Great Gatsby
Mar. 9, 2026
The Play That Goes Wrong