DJI Romo robot vacuum vulnerability: Difference between revisions

Revision as of 13:03, 3 April 2026

❗This article is a stub. You can help by expanding it.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.

More info ▼

An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.

Short summary of the incident using references.^[1] Usually 2-3 sentences that summarize the contents or the article. When writing the article, insert text in the space below this box, and then delete this tip box (and the other tip boxes below). In the visual editor, just click on a box and press backspace to delete it. In the source editor, simply delete the double curly brackets, and the text inside them.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Background

Information about the product/service history to provide the necessary context surrounding the incident

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

[Incident]

Change this section's title to be descriptive of the incident.

Impartial and complete description of the events, including actions taken by the company, and the timeline of the incident coming to the public's attention.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

In 2025, Sammy Azdoufal created an app to control his new DJI robot vacuum. As a result of the device utilizing one API key, he had access to 7 thousand of the same vacuum.^[2]

[Company]'s response

If applicable, add the proposed solution to the issues by the company.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

After this vulnerability was told to DJI by Sammy and The Verge, remote access to the robot was disabled with that key.^[2]

Lawsuit

If applicable, add any information regarding litigation around the incident here.

Claims

Main claims of the suit.

Rebuttal

The response of the company or counterclaims.

Outcome

The outcome of the suit, if any.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Consumer response

Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

References

↑ ref goes here
↑ ^2.0 ^2.1 Hollister, Sean (2026-02-14). "The DJI Romo robovac had security so poor, this man remotely accessed thousands of them". The Verge.

[1] ref goes here

[Verge-2] 2.0 ^2.1 Hollister, Sean (2026-02-14). "The DJI Romo robovac had security so poor, this man remotely accessed thousands of them". The Verge.

[1]

[2]

Revision as of 22:03, 17 March 2026 edit Mr Pollo (talk \| contribs) Administrators 2,675 edits mNo edit summary ← Older edit		Revision as of 13:03, 3 April 2026 edit undo PixelRunner (talk \| contribs) confirmed 129 edits m PixelRunner moved page DJI Robot Vacuum Hack to DJI Romo robot vacuum vulnerability: Misspelled title: Not in sentence case: more descriptive Newer edit →
(No difference)