Date: 2026-02-24

This article originally appeared on the Daily Caller News Foundation and was republished with permission.

Guest post by Mark Tanos

A man who wanted to steer his Chinese-designed robot vacuum with a PlayStation controller said in an interview that he ended up accidentally peering into thousands of strangers’ homes.

Sammy Azdoufal, the AI strategy lead at a vacation rental company in Spain, built a custom app to operate his new DJI Romo robot vacuum with a PS5 gamepad, he told The Verge on Feb. 10. He said he relied on Anthropic’s Claude Code to decode how the vacuum communicated with DJI’s cloud infrastructure. Instead of connecting only to his machine, approximately 6,700 vacuums across 24 countries reportedly responded to him as their operator within 9 minutes of him sitting down with The Verge’s reporter.

Azdoufal claimed he could view live video feeds, listen through onboard microphones, monitor cleaning activity and produce detailed floor plans of private residences. Device IP addresses reportedly revealed approximate locations. He said he never penetrated DJI’s systems, telling The Verge he simply pulled his own vacuum’s security token and the company’s servers handed over data from thousands of other units.

“I didn’t infringe any rules, I didn’t bypass, I didn’t crack, brute force, whatever,” Azdoufal told The Verge.

He showed the outlet the flaw using a review unit’s 14-digit serial number. With that code alone, Azdoufal identified the device’s battery level and the room it was cleaning, according to the outlet.

A DJI spokesperson told The Verge the company had already resolved the flaw. Roughly 30 minutes after that statement, Azdoufal demonstrated continued access to thousands of devices, according to the outlet. The strategist was reportedly later unable to move The Verge’s robot or access its video or microphone after they reached out to DJI.

DJI later acknowledged a “backend permission validation issue” and said it deployed two patches on Feb. 8 and Feb. 10. However, Azdoufal alleged additional vulnerabilities remained unaddressed.

The report comes amid existing national security concerns surrounding DJI. The FCC placed the Chinese drone maker on its Covered List in December 2025 after a classified interagency review determined foreign-made drones posed unacceptable dangers, DroneXL reported. Republican Florida Sen. Rick Scott has sought to retroactively revoke all DJI FCC authorizations granted after Dec. 23, 2024.

South Korea’s Consumer Agency tested six robot vacuums in 2025 and found critical weaknesses in three Chinese models, South Korean news outlet The Korea Herald reported. The agency found that Dreame’s X50 Ultra allowed hackers to remotely activate its camera while Narwal and Ecovacs units lacked proper authentication, exposing photos captured during cleaning sessions to outside parties. Samsung and LG devices earned higher marks.

Security researcher Kevin Finisterre told The Verge that housing data on American servers offers no protection against access by DJI’s Chinese workforce.

“It’s so weird to have a microphone on a freaking vacuum,” Azdoufal said.

