DJI
TL;DR One DJI Romo vacuum owner tried to code an app to control his vacuum with a PS5 controller.
Insufficient authentication meant that he was able to access data streams from the entire fleet of DJI vacuums.
DJI has since closed the larger security hole here, but other issues persist.
For all the criticism AI rightfully attracts, we also can’t deny that it’s managed to lower the barrier to entry across everything from editing photos to creating music. That extends to making apps, and “vibe” coding has emerged as a surprisingly viable way for many of us to get started with software development. But just because AI can generate code doesn’t mean AI understands what it’s actually doing, as one robot vacuum owner recently learned the hard way.
Don’t want to miss the best from Android Authority? Set us as a favorite source in Google Discover to never miss our latest exclusive reports, expert analysis, and much more.
to never miss our latest exclusive reports, expert analysis, and much more. You can also set us as a preferred source in Google Search by clicking the button below.
Sammy Azdoufal was looking to have some fun with his DJI Romo vacuum, and wondered if he might be able to hack together a way to drive it around with his PS5 controller. He told The Verge about his attempts, using Anthropic’s Claude Code to analyze the DJI app and try to reverse engineer the protocol used to communicate with the company’s vacuums.
Well, Claude did manage to crack that nut. But as Azdoufal quickly learned, Claude might have squeezed a little too hard, because his remote-vacuum-control tool suddenly seemed to have access to all of DJI’s vacuums — and not even just those, but also the company’s power stations.
DJI
... continue reading