AI Developer Uncovers Major Security Flaw in DJI Vacuum Robots
A French AI manager, Sammy Azdoufal, inadvertently exposed a critical security vulnerability in DJI’s Romo vacuum robots while attempting to customize his own device. Using an AI-generated app to connect his vacuum to a PlayStation gamepad, Azdoufal discovered he could access unencrypted data from approximately 7,000 other Romo units worldwide, including live camera feeds, floor plans, and private user information.
Azdoufal, who works at a vacation rental company, emphasized that his actions were not malicious but revealed a severe lapse in DJI’s data protection. All sensitive data was stored on servers without encryption, making it easily accessible to anyone with the right tools. Had cybercriminals exploited the flaw, the consequences for users and DJI could have been severe.
After reporting the issue to DJI, the company initially downplayed the risk, claiming developers were already aware of the vulnerability. However, the flaw was patched only after Azdoufal’s disclosure. Despite DJI’s assurances, Azdoufal demonstrated that live video feeds from his own device remained unencrypted, contradicting the company’s claims.
While access to other users’ devices has since been blocked, Azdoufal’s app, originally designed for personal use, still functions as intended, allowing him to control his vacuum via a gamepad. The program’s code and instructions have been made publicly available on GitHub. The incident highlights the growing risks of smart home devices collecting and mishandling sensitive data.
Source: https://uk.news.yahoo.com/ai-developer-discovers-major-data-060600948.html
DJI TPRM report: https://www.rankiteo.com/company/dji
"id": "dji1778063654",
"linkid": "dji",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Approximately 7,000 Romo vacuum robot users worldwide',
 'industry': 'Consumer Electronics/Robotics',
 'location': 'China',
 'name': 'DJI',
 'type': 'Company'}],
 'attack_vector': 'Misconfiguration/Unencrypted Data Storage',
 'data_breach': {'data_encryption': 'None (unencrypted)',
 'number_of_records_exposed': "Approximately 7,000 units' data",
 'personally_identifiable_information': 'Yes',
 'sensitivity_of_data': 'High',
 'type_of_data_compromised': 'Live camera feeds, floor plans, private user information'},
 'description': 'A French AI manager, Sammy Azdoufal, inadvertently exposed a critical security vulnerability in DJI’s Romo vacuum robots while attempting to customize his own device. The flaw allowed access to unencrypted data from approximately 7,000 other Romo units worldwide, including live camera feeds, floor plans, and private user information. The data was stored on servers without encryption, making it easily accessible to anyone with the right tools.',
 'impact': {'brand_reputation_impact': 'Severe',
 'data_compromised': 'Live camera feeds, floor plans, private user information',
 'identity_theft_risk': 'High',
 'systems_affected': 'DJI Romo vacuum robots (approximately 7,000 units)'},
 'investigation_status': 'Resolved (vulnerability patched)',
 'lessons_learned': 'The incident highlights the growing risks of smart home devices collecting and mishandling sensitive data, emphasizing the need for proper encryption and data protection measures.',
 'post_incident_analysis': {'corrective_actions': "Vulnerability patched, access to other users' devices blocked",
 'root_causes': 'Unencrypted data storage, lack of proper security measures for smart home devices'},
 'recommendations': 'Implement encryption for all sensitive data, conduct regular security audits, and ensure prompt patching of vulnerabilities.',
 'references': [{'source': 'Public disclosure by Sammy Azdoufal',
 'url': 'https://github.com/sammyazdoufal/romo-app'}],
 'response': {'communication_strategy': 'Initial downplaying of risk, later patching after public disclosure',
 'containment_measures': "Access to other users' devices blocked",
 'remediation_measures': 'Vulnerability patched after disclosure'},
 'title': 'Major Security Flaw in DJI Vacuum Robots Exposed by AI Developer',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Unencrypted data storage on DJI servers'}