Robot Vacuum Hack: Programmer Gains Control of Thousands of Devices

A Spanish software engineer inadvertently gained administrative access to a fleet of over 6,700 robotic vacuum cleaners manufactured by DJI, according to multiple reports from Dutch and Belgian news outlets. The engineer, whose name has not been widely released, was able to view live camera feeds and listen through the devices’ microphones.

The security breach, first reported by the Dutch newspaper de Volkskrant, stemmed from a vulnerability in DJI’s Romo robot vacuum system. The engineer discovered the flaw while attempting to improve the system’s functionality. Hart van Nederland reported that the engineer was able to “look and listen” through the network of devices.

Clickx.com detailed that the engineer gained control due to a security lapse, allowing access to the vacuum cleaners’ internal systems. Ekhbary.com reported a slightly higher number of affected devices, stating the engineer controlled approximately 7,000 units. The engineer reportedly contacted DJI to alert them to the issue, and the company subsequently addressed the vulnerability.

The incident raises concerns about the security of internet-connected devices, particularly those with cameras and microphones. While DJI has reportedly fixed the immediate issue, the case highlights the potential for unauthorized access and surveillance through everyday household appliances.

Recent reports indicate DJI is working to enhance the security of its robotic vacuum cleaners, and is tipped to secure Matter support, according to The Ambient. As of February 25, 2026, DJI has not released a public statement detailing the full extent of the breach or the measures taken to prevent similar incidents in the future.