Breaking 09:02 China condemns new U.S. visa restrictions and warns of reciprocal measures 09:02 U.S. housing market loses momentum as pending home sales decline in June 08:35 Reports raise possibility of delay to 2026 World Cup final over wildfire smoke 08:31 Seven U.S. aid workers quarantine in Kenya after new Ebola travel restrictions 08:30 Donald Trump to attend 2026 FIFA World Cup final between Spain and Argentina 08:15 Trump Accounts program aims to encourage long-term investing for American children 07:58 Iraqi armed group claims to offer reward over threats against Donald Trump 07:15 Trump makes election security a central issue ahead of U.S. midterm elections 20:00 OpenAI investigates reports of AI tool deleting user files without permission 19:15 OnePlus reportedly plans to scale back operations in the U.S. and Europe 18:34 U.S. ammunition stockpile recovery could take years, report says 16:32 Apple explores AI chip acquisitions to strengthen its artificial intelligence infrastructure 14:14 Commemorative Trump dollar coin sparks legal debate ahead of America's 250th anniversary 13:15 Trump defends his first-term economy and Covid-19 response amid renewed debate 13:00 JPMorgan nears historic $1 trillion market valuation 12:42 New York Times challenges Trump administration subpoenas in press freedom dispute 11:44 Musk and Altman reignite AI rivalry amid legal and industry tensions 11:11 US strategic petroleum reserve falls to lowest level since 1983 10:42 Democratic lawmakers show growing support for ending US military aid to Israel 10:21 US defense secretary orders annual testosterone screening for troops over 30

DJI Romo vacuum hack reveals global security risks

Monday 09 March 2026 - 11:50
By: Dakir Madiha
DJI Romo vacuum hack reveals global security risks

Spanish software engineer Sammy Azdoufal modified his DJI Romo robot vacuum to respond to a PlayStation 5 controller. He used AI tool Claude to reverse-engineer the DJI app's MQTT communication protocol with company servers. A backend authentication flaw let his device token access roughly 7000 vacuums and power stations across more than 20 countries.​

Azdoufal viewed live camera streams, microphone audio, 3D floor plans, precise locations, battery levels, cleaning progress, and obstacle reports from strangers' homes. A Verge journalist shared a test vacuum's serial number; Azdoufal pulled its real-time data within minutes, including room scans. In one demo, about 6700 devices reported current rooms, cleaning operations, hurdles faced, and charging spots.

Azdoufal alerted DJI, which patched the main vulnerability by February 24, 2026, blocking cross-device access. The company revoked his token, including for his own unit, and pulled the Romo model from its store two days later. Some issues persist, like PIN overrides for camera views.​

The flaw used weak device-agnostic authentication in MQTT messaging. No misuse occurred, but experts warn connected home gadgets with cameras and mics pose privacy threats. Prior incidents include 2024 Ecovacs Deebot hacks in U.S. cities, where intruders remotely drove vacuums and played slurs.​


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.