Hobby coder accidentally creates vacuum robot army
• Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller.
• Like any good maker, he thought it would be fun to drive a new DJI Romo around manually.
• He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes.
• Driven by purely playful reasons, Azdoufal used Anthropic’s Claude Code AI coding assistant to reverse-engineer his Romo’s communication protocols.
• But when his homebrew app connected to DJI’s servers, roughly 7,000 robot vacuums across 24 countries started answering.
• He could watch their live camera feeds, listen through onboard microphones, and generate floor plans of homes he’d never visited.
Article Summaries:
- A hobbyist, Sammy Azdoufal, used Anthropic’s Claude Code AI to reverse‑engineer the DJI Romo robot vacuum’s communication protocol. By extracting an authentication token, he connected to DJI’s MQTT broker and gained control of roughly 7,000 vacuums across 24 countries, viewing live camera feeds, microphones, and floor‑plan data. The flaw stemmed from DJI’s broker lacking topic‑level access controls, allowing any authenticated device to read all traffic. DJI initially denied the issue, then issued patches on February 8 and 10. The incident highlights how AI coding tools lower the barrier for IoT attacks and underscores growing regulatory pressure, such as the EU Cyber Resilience Act.
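The root cause named in the summary, a broker with no topic-level access control, is addressed by authorizing every SUBSCRIBE filter against the authenticated device's own topic subtree. The sketch below is an added example, not DJI's code or configuration; the `devices/<serial>/...` topic layout, the serial numbers and the function names are assumptions made for illustration.

```python
# Added example (not DJI's code). Assumed topic layout: devices/<serial>/...

def filter_within(sub_filter: str, allowed: str) -> bool:
    """True only if every topic sub_filter can match is also matched by allowed."""
    s, a = sub_filter.split("/"), allowed.split("/")
    for i, a_level in enumerate(a):
        if a_level == "#":
            return True        # allowed pattern covers the whole remaining subtree
        if i >= len(s):
            return False       # requested filter stops above the allowed scope
        if s[i] == "#":
            return False       # requested '#' is wider than the allowed pattern
        if a_level != "+" and s[i] != a_level:
            return False       # also rejects a requested '+' against a literal level
    return len(s) == len(a)


def authorize_subscribe(serial: str, sub_filter: str) -> bool:
    """Allow a SUBSCRIBE only inside the authenticated device's own subtree."""
    # The serial must come from the verified credential, never from the request,
    # and must not contain MQTT separators or wildcards.
    if not serial or any(c in serial for c in "+#/"):
        return False
    return filter_within(sub_filter, f"devices/{serial}/#")


# Constructed sample requests: (authenticated serial, requested topic filter)
REQUESTS = [
    ("SN-0001", "devices/SN-0001/camera"),   # own topic
    ("SN-0001", "devices/SN-0001/#"),        # own subtree
    ("SN-0001", "#"),                        # everything on the broker
    ("SN-0001", "devices/+/camera"),         # every device's camera topic
    ("SN-0001", "devices/SN-0002/map"),      # another device
]


def denied(requests):
    """Return the requests the policy rejects, for logging or alerting."""
    return [r for r in requests if not authorize_subscribe(*r)]


if __name__ == "__main__":
    for serial, topic in denied(REQUESTS):
        print(f"DENY subscribe serial={serial} filter={topic}")
```

The case worth noting is `devices/+/camera`: it matches the device's own camera topic, so a check that only asks "does this filter match an allowed topic?" would let it through, which is why the comparison is on containment of the filter rather than on a match.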