Posted on 02/24/2026 11:08:40 PM PST by srmanuel
A software engineer in Spain used an AI assistant to reverse engineer how a robot vacuum cleaner communicated with DJI cloud servers so he could control his vacuum using the joystick on his game controller and inadvertently took control of over 7000 remote vacuum cleaners which allowed him full control over devices in 24 countries, he had full access to the audio and video coming from the devices, he could control the movement of the devices and was able to produce a detailed map of where the devices were located. Fortunately, the individual reported the security flaw to the company who quickly fixed the issue, DJI is a Chinese company, and you have to wonder if the flaw was really a feature in disguise allowing Chinese Intelligence a way to spy on potentially hundreds of thousands of people without their knowledge.
The author of this article is illiterate.
My thoughts as well after reading this!
Actually, the problem is with the summation by whoever made it. Which summation (as if the wording of the article itself) may be contrary to FR protocol. See actual article itself: https://www.popsci.com/technology/robot-vacuum-army/
Chinese vacuum is:
- Taking X-rated pictures of everyone in the house
- Accumulating possible blackmail material
- Listening in on conversations for technical information. Chinese intel would know which vacuums are owned by CEOs etc.
I would be worried if it started following me around and hides under the coffee table whenever I look at it. LOL
Problem with those Chinese vacs is that 15 minutes later - the floors need to be vacuumed again
Well, that had to suck!
Security flaw—or just not supposed to have been discovered by the public?
Bingo.
It's not a bug; it's a feature.
Better synopsis...
Mark Gadala-Maria
@markgadala
This story is actually insane:
• dude drops $2000 on a DJI robot vacuum like a lunatic
• refuses to use the normal app like a peasant
• Sammy Azdoufal fires up Claude to crack the API so he can drive it with an xbox controller
• Claude delivers the goods
• pulls an auth token from their servers, connects successfully
• except the system thinks he controls 7000 vacuums
• checks again
• yep, seven thousand
• DJI built authentication with zero device ownership verification
• any valid token works for any unit on the planet
• Sammy now has eyes inside homes across 24 countries
• live vacuum camera feeds everywhere
• full floor plans from the mapping data
• some guy in germany eating cereal at 3am, unaware his roomba is snitching
• one API call away from being the most informed burglar in history
• all he wanted was to steer his vacuum with a joystick
• does the right thing and reports it
• DJI fixes it in two days
• back to normal life with his stupidly expensive floor cleaner
• IoT companies stay undefeated at shipping garbage security
6:36 PM · Feb 23, 2026 8M Views
https://x.com/markgadala/status/2026078762862006747
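The missing check summarized in the post above (a valid token accepted for any unit), shown as an added example that is not part of the original thread and is not DJI's code: the flawed authorization beside one that binds each request to the device's owner, plus a log audit for requests that crossed accounts. The token format, account names, device serials and log entries are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed signing key, demo only
# Constructed pairing table: device serial -> account that owns it.
DEVICE_OWNER = {"VAC-0001": "alice", "VAC-0002": "bob"}

def _sign(account):
    return hmac.new(SECRET, account.encode(), hashlib.sha256).hexdigest()

def issue_token(account):
    """Hypothetical token format: '<account>.<hmac>'."""
    return f"{account}.{_sign(account)}"

def authenticate(token):
    """Return the account a token belongs to, or None if it is invalid."""
    account, _, sig = token.rpartition(".")
    if account and hmac.compare_digest(sig.encode(), _sign(account).encode()):
        return account
    return None

def authorize_flawed(token, device_id):
    # Authentication only: any valid token is accepted for any known device.
    return authenticate(token) is not None and device_id in DEVICE_OWNER

def authorize_fixed(token, device_id):
    # Authentication plus ownership: the token's account must own the device.
    account = authenticate(token)
    return account is not None and DEVICE_OWNER.get(device_id) == account

def cross_owner_requests(log):
    """Audit past requests: return (account, device) pairs where the caller
    did not own the device, i.e. what the flawed check let through."""
    return [(acct, dev) for acct, dev in log if DEVICE_OWNER.get(dev) != acct]

# Constructed request log: (authenticated account, device addressed).
SAMPLE_LOG = [("alice", "VAC-0001"), ("alice", "VAC-0002"), ("bob", "VAC-0002")]

if __name__ == "__main__":
    t = issue_token("alice")
    print(authorize_flawed(t, "VAC-0002"), authorize_fixed(t, "VAC-0002"))
    print(cross_owner_requests(SAMPLE_LOG))
```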
And now I’m wondering if Nancy Guthrie used a robot vacuum...
I suspect that a lot of that was known to the user. The Communist Party in China sends agents out around the world. No need to install software on their phones or computers which might be detected and be impossible to explain. Instead, instruct the agents to buy one of these vacuums and communicate back through it.
The vacuums are likely capable of two-way communications.
...and the Communist government of China is not the only government using such household appliances to communicate with their agents around the world.
“you have to wonder if the flaw was really a feature in disguise allowing Chinese Intelligence a way to spy on potentially hundreds of thousands of people without their knowledge.”
The question answers itself. We’re talking Chicoms here. They cannot be trusted with anything, even a robot vacuum.
I wonder if anyone else had discovered the security flaw in the vacuums before the guy in this article and never reported it to anyone.
DJI is the largest maker of drones. It is controlled by the Chinese military. The US government banned DJI devices from all military bases and government facilities. While their drones are excellent, they spy on everything.
Their audio and video is sent to China.
Users must ask China permission to use the things, a feature called “geofencing”. DJI supposedly turned that off but it still persists.
This vacuum thing just goes to show DJI is in the spy business.
IoT should be hooked up to an internal (not connected to the Internet) router — especially anything with a camera or mic but every device. Your thermostat does not need to blab to Google or your electricity company even if you really want to control temp from your phone.
And it reports your pets to the local Chinese restaurant.
Now if he can get it to work on ATMs, that’s something.
Yes, that opening run-on sentence made my brain hurt.
It’s already happening.
https://www.cybersecurity-insiders.com/fbi-alerts-atm-jackpotting-was-on-rise-in-the-year-2025/
Yes, nothing is safe when dealing with high tech.
We don’t even have pay phones for a reason.
Hal gives two beeps