Breaking 20:45 Trump claims Iranian vessels would be barred from Strait of Hormuz transit 20:20 Rubio vows to weaken International Criminal Court amid renewed U.S. campaign 19:53 FIFA offers authenticated 2026 World Cup final pitch memorabilia for collectors 19:33 Moroccan-American referee Ismail Elfath appointed for Argentina vs. England World Cup semi-final 16:58 Apple warns iPhone users about rising FaceTime scam attempts 11:38 United States restricts air travel from DR Congo amid Ebola outbreak 11:24 Legionnaires' disease outbreak in New York sickens 60 as investigation expands 11:01 Trump clean energy policies trigger $83 billion setback in U.S. projects 10:57 Morocco and United States launch plans for African multidomain training center in Tan-Tan 10:46 BMW recalls more than 29,000 US vehicles over potential fire hazard 10:45 Morocco and the United States sign agreement to establish joint African military training center 10:15 Subaru recalls more than 541,000 vehicles in the US over certification label error 10:01 Samsung weighs potential US ADR listing as global capital market options expand 10:00 Meta expands AI ambitions with data center investment exceeding $50 billion 09:46 Trump to deliver televised address to the nation amid rising tensions with Iran 09:01 US immigration enforcement faces renewed scrutiny after fatal ICE shooting in Maine 07:58 Anthropic adds built-in web browser to Claude Code for seamless developer workflows 07:45 Iran targets US base in Jordan as regional tensions intensify and oil prices climb

DJI Romo vacuum hack reveals global security risks

Monday 09 March 2026 - 11:50
By: Dakir Madiha
DJI Romo vacuum hack reveals global security risks

Spanish software engineer Sammy Azdoufal modified his DJI Romo robot vacuum to respond to a PlayStation 5 controller. He used AI tool Claude to reverse-engineer the DJI app's MQTT communication protocol with company servers. A backend authentication flaw let his device token access roughly 7000 vacuums and power stations across more than 20 countries.​

Azdoufal viewed live camera streams, microphone audio, 3D floor plans, precise locations, battery levels, cleaning progress, and obstacle reports from strangers' homes. A Verge journalist shared a test vacuum's serial number; Azdoufal pulled its real-time data within minutes, including room scans. In one demo, about 6700 devices reported current rooms, cleaning operations, hurdles faced, and charging spots.

Azdoufal alerted DJI, which patched the main vulnerability by February 24, 2026, blocking cross-device access. The company revoked his token, including for his own unit, and pulled the Romo model from its store two days later. Some issues persist, like PIN overrides for camera views.​

The flaw used weak device-agnostic authentication in MQTT messaging. No misuse occurred, but experts warn connected home gadgets with cameras and mics pose privacy threats. Prior incidents include 2024 Ecovacs Deebot hacks in U.S. cities, where intruders remotely drove vacuums and played slurs.​


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.