A software engineer in Spain had the surprise of his life when he found himself in control of thousands of robots in what was supposed to be a pet project. Sammy Azdoufal set out to customize his new Chinese-made DJI Romo robot vacuum, a high-end autonomous cleaner that comes with a price tag of $2,000 that maps homes, mops floors, and navigates obstacles with onboard sensors, according to Popular Science. Dissatisfied with the manufacturer’s app, Azdoufal aimed to steer the device using a PlayStation 5 controller (like any intelligent man would) and that’s when things got weird. Using an AI-powered coding assistant, Azdoufal reverse-engineered the vacuum’s communication protocol with DJI’s cloud servers and unwittingly uncovered a critical backend vulnerability. The authentication token for his single device granted access to live camera feeds, microphone audio, detailed floor maps, and operational status from nearly 7,000 other Romo units deployed across 24 countries. Azdoufal leads AI strategy at a vacation rental home company; when he told me he reverse engineered DJI’s protocols using Claude Code, I had to wonder whether AI was hallucinating these robots. So I asked my colleague Thomas Ricker, who just finished reviewing the DJI Romo, to pass us its […]