A significant security vulnerability in the DJI Romo robot vacuum platform allowed unauthorized access to thousands of devices worldwide, potentially exposing live camera feeds, microphone audio, and home mapping data. The issue was first reported by The Verge.
According to the Verge report, the flaw was discovered by tech strategist Sammy Azdoufal while experimenting with a custom app designed to control his own Romo unit. Instead of connecting solely to his vacuum, the app reportedly received responses from approximately 7,000 Romo devices across at least 24 countries.
What Data Was Exposed
The vulnerability allowed access to sensitive device data, including:
- Live video feeds from the robot’s onboard camera
- Microphone audio
- Real-time cleaning routes and 2D floor maps
- Telemetry such as battery status and cleaning location
Because many modern robot vacuums use cameras for navigation and remote monitoring, this type of exposure raises obvious privacy concerns.
What Caused the Issue
According to The Verge, the problem stemmed from backend cloud permission controls rather than a flaw in local device hardware. Once a client authenticated with DJI’s server infrastructure, it could subscribe to broader data channels than intended.
Although communications were encrypted in transit, encryption alone did not prevent improperly authorized access once connected to the cloud system.
DJI Romo Coverage at Vacuum Wars
DJI Romo Robot Vacuum Begins Launching in Europe, U.S. Release Still Pending
DJI Enters the Robot Vacuum Market with the Romo Series
DJI’s Response
DJI reportedly deployed two automatic patches on February 8 and February 10 intended to close the most serious vulnerabilities. The company stated that the updates did not require user action and were applied automatically to connected devices.
At the time of reporting, DJI indicated that additional fixes were forthcoming to address remaining issues.
Broader Smart Home Implications
The incident highlights ongoing security challenges within the smart home category, particularly for connected devices equipped with cameras and microphones. As robot vacuums increasingly incorporate advanced navigation systems and remote viewing capabilities, cloud-level access control becomes as important as device-level security.
For owners of DJI Romo units, ensuring the device remains online to receive updates is currently the most practical step.
Vacuum Wars will continue monitoring developments and update readers if further security guidance or firmware updates are announced.
Top 20 Robot Vacuums
Vacuum Wars’ always up-to-date rankings of the best robot vacuums. Because we purchase every unit ourselves, each recommendation is built on hands-on data. Our work now spans more than 150 models, giving us a deep benchmark for judging cleaning power, navigation smarts, battery life, and advanced features such as obstacle avoidance and mopping.
