Man accidentally controls army of robot vacuums with PS5 controller, gains access to cameras

https://www.dexerto.com/entertainment/man-accidentally-controls-army-of-robot-vacuums-with-ps5-controller-gains-access-to-cameras-3324140/

Michael Gwilliam Feb 24, 2026 · 2 mins read
Man accidentally controls army of robot vacuums with PS5 controller, gains access to cameras
Share this

A software engineer accidentally uncovered a major smart-home security flaw after trying to control his robot vacuum with a PlayStation 5 controller, only to discover he could access thousands of devices around the world.

Sammy Azdoufal was experimenting with his new DJI Romo robot vacuum and building a custom app so he could steer it using a PS5 controller. But while testing the setup, he realized the same credentials used to control his own device also opened the door to thousands of others.

Instead of just moving his vacuum around the living room, Azdoufal suddenly had visibility into nearly 7,000 robot vacuums across 24 countries, according to reports.

Robot vacuums expose thousands of cameras, microphones and floor plans

The unexpected access didn’t just allow remote control; The backend flaw meant he could view live camera feeds, listen through microphones, and retrieve detailed home maps and device data from the vacuums, information that could effectively reveal what was happening inside people’s homes.

The issue stemmed from a server-side permissions problem. Once authenticated with a single device token, the system returned data from many other units instead of restricting access to one machine.

Using only a serial number, Azdoufal reportedly demonstrated he could locate a journalist’s test unit, see its battery level, and generate a map of the home remotely.

Despite the scale of access, Azdoufal said he didn’t hack into the company’s systems or bypass security protections. He simply reverse-engineered how the vacuum communicated with its cloud servers using an AI coding assistant while experimenting with his own device.

After confirming the vulnerability, he shared the findings with reporters, who alerted DJI.

“DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately,” they explained to Popular Science.

The company later said the issue had been addressed with updates, though the incident still raised broader concerns about smart-home privacy risks.

entertainment
Today’s Top Deals: Sonic Racing: CrossWorlds, Free Resident Evil: Requiem with Monitor, and More
More startups are hitting $10M ARR in 3 months than ever before