DJI is paying a man $30,000 after he accidentally hacked into 7,000 of their robot vacuums while trying to control his own with a PlayStation controller. The security researcher discovered he could peek into other people’s homes through thousands of DJI’s Romo robovacs.
What started as a simple weekend project turned into one of the biggest smart home security breaches of the year. The man wasn’t trying to be a hacker – he just wanted to use his gaming controller to drive his robot vacuum around.
When Good Intentions Go Very Wrong
The researcher was tinkering with his DJI Romo vacuum on Valentine’s Day, trying to connect a PlayStation gamepad for easier control. But something went wrong with the connection process. Instead of just controlling his own robot, he suddenly had access to a massive network of 7,000 DJI vacuums in homes around the world.
Through these compromised robots, he could potentially watch live camera feeds from inside people’s houses, see their floor plans, and control their vacuums remotely. The robots were essentially turned into unwitting spy devices in thousands of homes.
The man immediately reported the security flaw to DJI instead of exploiting it. DJI has since fixed the vulnerability and rewarded him with a $30,000 bug bounty payment.
What This Means for Smart Home Security
This incident highlights how easily smart home devices can become security risks. Your robot vacuum, security camera, or smart doorbell could potentially give strangers access to your private space if not properly secured.
DJI says they’ve patched the security hole, but it raises questions about how many other smart devices might have similar vulnerabilities waiting to be discovered.
