How One Man Accidentally Gained Control of 7,000 Robot Vacuums

Advertiser Disclosure: At Slickdeals, we work hard to find the best deals. Some products in our articles are from partners who may provide us with compensation, but this doesn’t change our opinions. Our editors strive to ensure that the information in this article is accurate as of the date published, but please keep in mind that offers can change. We encourage you to verify all terms and conditions of any product before you apply.

A wild smart home story made the rounds this week — and it’s equal parts impressive and concerning.

What Actually Happened?

A software engineer recently set out to do something pretty harmless: control his DJI Romo robot vacuum using a PlayStation controller. Instead of relying on the stock app, he used Anthropic’s Claude AI coding tool to help write a custom program that would connect to DJI’s cloud system and let him manually steer the vacuum like a remote-control car. I mean, who wouldn’t want to do that?

But when he authenticated his app with DJI’s servers, something unexpected happened.

Instead of just connecting to his own vacuum, the system reportedly granted him access to thousands of other DJI Romo vacuums around the world. It was somewhere around 7,000 devices across more than 20 countries. That access allegedly included live camera feeds, microphone audio, floor maps and device status information.

The issue wasn’t that he “hacked” the devices in the traditional sense. According to reports, the vulnerability stemmed from a backend authentication flaw. The token issued by DJI’s system wasn’t properly restricted to a single device, meaning it could unintentionally authorize access to other users’ vacuums.

Imagine just wanting to drive your own vacuum around like an RC car and instead tapping into 7,000 of them!

To his credit, the engineer says he did not exploit the access and instead reported the vulnerability so it could be fixed. DJI has since stated that the issue has been patched.

What to Take Away From This

For deal hunters and smart home fans, this is a reminder of two things:

1. Connected devices are only as secure as their cloud systems.
2. Features like built-in cameras and microphones, while convenient, can create bigger privacy risks if something goes wrong.

Robot vacuums have become a popular Slickdeals category thanks to frequent discounts and feature-packed models. But as this story shows, when you’re buying into a smart home ecosystem, you’re also trusting the company’s backend security.

While we do see frequent deals for DJI product posted on our site, I couldn’t find any record of a DJI robot vacuum deal. So if we’re your only source for robot vacuum deals, you were ont affected by this accidental hack.