Software engineer Sammy Azdoufal had a humble goal: He wanted to control his robot vacuum with a PS5 gamepad, because controlling things with a gamepad is cool. Shortly after pursuing that dream, however, Azdoufal found he had gained control of over 7,000 robots that were happy to provide him camera feeds and floor plans of strangers' homes in two dozen countries across the globe (via The Verge).
Azdoufal's field promotion to international robot commander occurred after tasking Claude Code with analyzing the traffic between his newly purchased DJI Romo vacuum and the manufacturer's servers. But when the security token it provided gave him access to not just his DJI Romo, but to all DJI Romos around the world, it was clear that he'd stumbled upon a glaring security flaw.
Every three seconds, Azdoufal's Claude-built app collected the serial numbers of thousands of robots pinging back to home base, reporting information about their cleaning routes, their charge states, obstacles they'd encountered. He could activate their on-board cameras and microphones. He could reconstruct the 2D floor plans of their owners' homes using their recorded spatial data. And with each machine's IP address, he could approximate the rough location of each robot vacuum's household.
DJI's security oversight had delivered an entire global surveillance apparatus to a guy who just wanted to drive his vacuum with a DualSense for kicks.
DJI issued a patch to relevant vacuums that addressed the security oversight within days of being contacted by Azdoufal and The Verge, and a spokesperson admitted that "a backend permission validation issue affecting MQTT-based communication between the device and the server" allowed "theoretical potential for unauthorized access to live video of ROMO device." And really, who among us hasn't created a backend permission validation issue affecting MQTT-based communication?
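As an added example (not from the article, and not DJI's code), this is a per-device authorization check an MQTT backend can apply to every subscribe and publish request, so that a valid token reaches only the devices bound to it. The topic layout `devices/<serial>/...`, the token claim names and the serial numbers are assumptions constructed for the illustration.

```python
# Added illustration: per-device MQTT topic authorization on the backend.
# Hypothetical layout (an assumption, not DJI's): devices/<serial>/<channel...>
# Hypothetical token claims: {"sub": <user id>, "devices": [<owned serials>]}

def authorize(claims, action, topic):
    """Allow a subscribe/publish only inside a device the token is bound to."""
    if action not in ("subscribe", "publish"):
        return False
    levels = topic.split("/")
    # Require devices/<serial>/<at least one channel level>.
    if len(levels) < 3 or levels[0] != "devices":
        return False
    # The serial level must be a literal the token owns. A wildcard here
    # ("+" or "#") would match every other customer's device as well.
    if levels[1] not in claims.get("devices", ()):
        return False
    rest = levels[2:]
    if action == "publish":
        # MQTT forbids wildcards in publish topic names.
        return not any("+" in lv or "#" in lv for lv in rest)
    for i, lv in enumerate(rest):
        # "#" must be a whole level and the last one; "+" must be a whole level.
        if "#" in lv and (lv != "#" or i != len(rest) - 1):
            return False
        if "+" in lv and lv != "+":
            return False
    return True

# Constructed sample data: one account that owns one vacuum.
CLAIMS = {"sub": "user-1001", "devices": ["SN-A"]}
REQUESTS = [
    ("subscribe", "devices/SN-A/telemetry"),
    ("subscribe", "devices/SN-A/#"),
    ("subscribe", "devices/SN-B/camera"),
    ("subscribe", "devices/+/telemetry"),
    ("subscribe", "#"),
    ("publish", "devices/SN-A/cmd/start"),
    ("publish", "devices/SN-B/cmd/start"),
]

def decisions(claims=CLAIMS, requests=REQUESTS):
    """Return (action, topic, allowed) for each constructed request."""
    return [(a, t, authorize(claims, a, t)) for a, t in requests]

if __name__ == "__main__":
    for action, topic, ok in decisions():
        print(f"{'ALLOW' if ok else 'DENY ':5} {action:9} {topic}")
```

The check runs on the server for every request; authenticating the token at connect time alone does not limit which topics it can reach.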
Azdoufal says that some of the vulnerabilities he's found through his Claude-empowered prodding remain unaddressed, however. DJI has committed to stitching up those remaining holes "within weeks," but we're all left to provide our own unsettling explanations as to why a vacuum even needs a microphone in the first place. Hearing isn't a sense that vacuums need. They mostly just need the vacuuming-relevant ones.

Given our continuing reckless descent into electric woe, it should come as no surprise that this isn't the first case of robovac espionage. In 2024, hackers utilized security flaws in Ecovacs vacuum cleaners to spy on their owners, assail them with slur...

Read more: Full article on www.pcgamer.com