
TL;DR
- One DJI Romo vacuum owner tried to code an app to control his vacuum with a PS5 controller.
- Insufficient authentication meant that he was able to access data streams from the entire fleet of DJI vacuums.
- DJI has since closed the larger security hole here, but other issues persist.
For all the criticism AI rightfully attracts, we also can’t deny that it’s managed to lower the barrier to entry across everything from editing photos to creating music. That extends to making apps, and “vibe” coding has emerged as a surprisingly viable way for many of us to get started with software development. But just because AI can generate code doesn’t mean AI understands what it’s actually doing, as one robot vacuum owner recently learned the hard way.
Sammy Azdoufal was looking to have some fun with his DJI Romo vacuum, and wondered if he might be able to hack together a way to drive it around with his PS5 controller. He told The Verge about his attempts, using Anthropic’s Claude Code to analyze the DJI app and try to reverse engineer the protocol used to communicate with the company’s vacuums.
Well, Claude did manage to crack that nut. But as Azdoufal quickly learned, Claude might have squeezed a little too hard, because his remote-vacuum-control tool suddenly seemed to have access to all of DJI’s vacuums — and not even just those, but also the company’s power stations.

These DJI devices use the MQTT protocol to communicate with company servers and the app on users’ phones, and while the company did require authentication, the token it issued wasn’t bound to any particular device or account: once you had one authentication token, which could be extracted from the DJI app, you could use it to see everyone’s data, everywhere.
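The failure described above is an authorization gap rather than an authentication one: the broker checked that a token was valid but not which device it was issued for. The following Python is an added example, not DJI’s code or anything reported about their broker; the token records, the `devices/<id>/<stream>` topic layout and the fleet topic list are all constructed for illustration. It puts a fleet-wide check beside a per-device check so the difference in what one token can reach is visible.

```python
"""Broker-side MQTT subscribe authorization: fleet-wide vs. per-device binding.

Constructed example. The token table, topic layout and fleet topics are
assumptions for illustration, not DJI's actual protocol or topic names.
"""
from typing import Callable, Optional, Set

# Constructed token records. A real broker would consult its identity service;
# the important field is the device_id each token was issued for.
TOKENS = {
    "tok-A1": {"valid": True, "device_id": "vacuum-0001"},
    "tok-B2": {"valid": True, "device_id": "vacuum-0002"},
    "tok-EXPIRED": {"valid": False, "device_id": "vacuum-0003"},
}

# Constructed sample of what the fleet publishes (assumed topic layout).
FLEET_TOPICS = [
    "devices/vacuum-0001/map",
    "devices/vacuum-0002/camera",
    "devices/vacuum-0003/map",
]


def device_of_topic(topic: str) -> Optional[str]:
    """Return the device id from an assumed 'devices/<id>/<stream>' topic, or None."""
    parts = topic.split("/")
    if len(parts) < 3 or parts[0] != "devices":
        return None
    return parts[1]


def authorize_weak(token: str, topic: str) -> bool:
    """Fleet-wide check: any valid token may subscribe to any device's topics.

    This is the shape of the gap the article describes: authentication succeeds,
    but nothing ties the credential to the subscriber's own device.
    """
    rec = TOKENS.get(token)
    return bool(rec and rec["valid"])


def authorize_bound(token: str, topic: str) -> bool:
    """Per-device check: the token must be valid AND the topic must belong to
    the device the token was issued for.

    Wildcards at the device position are refused because '+' or '#' there
    would match every other owner's devices.
    """
    rec = TOKENS.get(token)
    if not (rec and rec["valid"]):
        return False
    dev = device_of_topic(topic)
    if dev is None or "#" in dev or "+" in dev:
        return False
    return dev == rec["device_id"]


def reachable_devices(
    authorize: Callable[[str, str], bool], token: str, topics: list
) -> Set[str]:
    """Set of device ids whose streams a token would receive under a given policy."""
    return {device_of_topic(t) for t in topics if authorize(token, t)}


if __name__ == "__main__":
    for name, policy in (("weak", authorize_weak), ("bound", authorize_bound)):
        print(name, sorted(reachable_devices(policy, "tok-A1", FLEET_TOPICS)))
```

Running the block shows the weak policy letting `tok-A1` read all three constructed devices while the bound policy limits it to `vacuum-0001`. The same binding belongs on publish authorization too, so a token cannot inject commands into another device's topic, and on any wildcard subscription request.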
For these vacuums, that meant that Azdoufal was able to access floorplan scans and even camera feeds from strangers’ vacuums, thousands of miles away. While DJI ultimately closed the main parts of this loophole, preventing users from accessing the devices of others, there are more vulnerabilities that still remain, like being able to override the PIN for viewing vacuum camera feeds. And we only know about them because AI helped build an app that ended up a whole lot more powerful than expected.