User accidentally gains control of over 6,700 robot vacuums while tinkering with their own device to enable control with a PlayStation controller — security flaw reveals floor plans and live video feeds

A security flaw inadvertently exposed over 6,700 DJI Romo robot vacuums to unauthorized access when a user created an app to control their device with a PlayStation controller. The flaw allowed access to floor plans, live camera feeds, and remote control of affected devices worldwide. The issue was discovered by AI strategist Sammy Adoufal, who reverse-engineered the communication protocol. DJI resolved the problem through updates, but Adoufal highlighted remaining concerns, including video feed access without a security PIN. This incident underscores the risks of IoT devices and data mishandling, emphasizing the need for robust security measures.