DJI robot vacuum hacked: 7,000 strangers' living rooms via a master key

Sun, 01 Mar 2026 00:00:00 +0100

A few days ago a press release turned up in my feed. I skim a lot of them every day – most I just scroll past. Not this one.

DJI. Robot vacuum. 7,000 strangers’ living rooms. A master key.

I read the article twice. And then I knew immediately: a follow-up video was needed.

The pattern that keeps repeating

If you’ve read my robot vacuum article, you might be nodding right now. Back then it was Ecovacs. Hacked robots remotely controlled in real time, chasing pets and shouting slurs through their speakers. I tried to explain back then why that wasn’t an absurd one-off incident, but a structural problem with this entire product category.

And now it’s happened again. Different manufacturer. Same category. Same fundamental vulnerability in principle.

This bothers me – not because I want to vilify robot vacuums, but because I believe most people who buy one simply don’t know what’s actually happening with their data. With the floor plan of their home. With camera footage, if the model has one. With the question of who, besides themselves, could theoretically access all of that.

What happened this time

It started innocuously. A French developer, a brand-new DJI robot vacuum, a free evening. The idea: control the robot around the apartment with a PS5 controller. Mario Kart in real life, but with dust bunnies.

To connect the controller, he needed the key from the app – nothing illegal, it was his own device. But when he used that key with the DJI server, the server didn’t just download his own data – it downloaded data from thousands of others. Over 7,000 robots across 24 countries. Battery levels, home floor plans, live camera feeds from strangers’ living rooms. The key wasn’t a normal key. It was a master key for the entire system.

DJI patched the vulnerability after it was reported. That’s good. But it doesn’t change the underlying picture.

Why I keep talking about this

After making this video I naturally asked myself whether I’m starting to get repetitive. Robot vacuums again. Privacy again. Same topic again.

But then I look at the comments under the old video. And I see how many people write that they simply hadn’t known how the technology behind it works. Not because they weren’t interested. But because hardly anyone explains it without immediately descending into panic or buzzwords.

That’s exactly what I want to do differently. No moralising, no fearmongering. Just: here are the facts. Here’s what they mean. And here are three concrete things you can do – if you want to. What you do with a camera-equipped robot vacuum in your home is your decision. I just want that decision to be an informed one.

To load the video, please click the image. Please note that by doing so, data will be transmitted to YouTube.

If you already have a view on this – or you have a robot vacuum at home and feel a quiet unease stirring – write it in the comments. I genuinely appreciate every perspective. And yes, every comment helps the video reach more people who are asking themselves exactly these questions for the first time.

Sources:

DJI on Smart Home? Sure — But Secure!

DJI robot vacuum hacked: 7,000 strangers' living rooms via a master key

The pattern that keeps repeating

What happened this time

Why I keep talking about this