Consumer Rights Wiki

DJI Romo robot vacuum vulnerability: Difference between revisions

← Older editNewer edit →
VisualWikitext
PixelRunner (talk | contribs)
confirmed
129 edits
m PixelRunner moved page DJI Robot Vacuum Hack to DJI Romo robot vacuum vulnerability: Misspelled title: Not in sentence case: more descriptive
PixelRunner (talk | contribs)
confirmed
129 edits
Add more information
Line 9: Line 9:
|ArticleType=Product
|ArticleType=Product
|Description=DJI vacuum cleaners get accidentally hacked by guy using Claude Code.
|Description=DJI vacuum cleaners get accidentally hacked by guy using Claude Code.
}}
}}A vulnerability in DJI Romo vacuums was discovered in 2025 which would've allowed malicious actors to remotely access and control all of them without hacking into DJI servers.<ref name="Verge">{{Cite web |last=Hollister |first=Sean |date=2026-02-14 |title=The DJI Romo robovac had security so poor, this man remotely accessed thousands of them |url=https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt |work=The Verge}}</ref>
{{Ph-I-Int}}
 
==Background==
==Background==
{{Ph-I-B}}
{{Ph-I-B}}


==[Incident]==
==DJI Romo remote access vulnerability==
{{Ph-I-I}}
In 2025, Sammy Azdoufal created an app to control his new DJI Romo robot vacuum with a PS5 controller. As a result of the device utilizing one API key, he unintentionally had remote access to approximately 6,700 DJI Romo vacuums, and over 10,000 total devices. He was able to do this by accessing his data on his own device, without hacking a DJI server or sending malware to other vacuums.<ref name="Verge" />
In 2025, Sammy Azdoufal created an app to control his new DJI robot vacuum. As a result of the device utilizing one API key, he had access to 7 thousand of the same vacuum.<ref name="Verge">{{Cite web|url=https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt|title=The DJI Romo robovac had security so poor, this man remotely accessed thousands of them|first=Sean|last=Hollister|date=2026-02-14|work=The Verge}}</ref>


===[Company]'s response===
===DJI's response===
{{Ph-I-ComR}}
{{Ph-I-ComR}}
After this vulnerability was told to DJI by Sammy and The Verge, remote access to the robot was disabled with that key.<ref name="Verge" />
After this vulnerability was told to DJI by Sammy and The Verge, remote access to the robot was disabled with that key. <ref name="Verge" />
 


==Lawsuit==
DJI had responded with this statement:
{{Ph-I-L}}


"DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates, with an initial patch deployed on February 8 and a follow-up update completed on February 10. The fix was deployed automatically, and no user action is required."<ref name="Verge" /> <!-- Do we have a quote format/template? That would be great -->


==Consumer response==
==Consumer response==
Line 31: Line 29:




==References==
==References<!-- Needs archived --><!-- Also could use more sources -->==
{{reflist}}
{{reflist}}
[[Category:DJI]]
[[Category:DJI]]
Retrieved from "https://consumerrights.wiki/w/DJI_Romo_robot_vacuum_vulnerability"