Tech Explained: Here’s a simplified explanation of the latest technology update around Tech Explained: Robot Vacuum Cleaner Or ‘Indoor Spy’? One AI Experiment Exposed Secrets Of 7,000 Homes | Tech News in Simple Termsand what it means for users..
Last Updated:
A misconfiguration let an AI expert access over 6700 DJI robot vacuums globally, exposing live feeds and home maps
In his experiment, the man was able to access live camera feeds, digital home maps and device-level data. (AI Image)
Technology has now deeply embedded itself in daily life. Almost every household appliance has turned hi-tech, many powered by Artificial Intelligence (AI). From washing machines to vacuum cleaners, devices are rapidly becoming robotic and AI-enabled. Consumers are embracing these smart gadgets without fully considering their potential risks. In a startling development, one such device has triggered a major privacy scare, forcing users to rethink their dependence on smart technology.
A man attempting to operate his robot vacuum cleaner using a gaming controller inadvertently gained access to thousands of homes across the world. There was no cyberattack, no password breach, and no server hack. Yet, a minor technical misconfiguration exposed the privacy of nearly 7,000 households. The incident has raised serious concerns about the security architecture of smart home ecosystems.
According to a CNBC TV18 report, the man, who leads AI strategy at a vacation rental company, was developing an app to remotely control his robot vacuum using an AI coding assistant. The report states that he reverse-engineered how the device communicates with the company’s cloud servers while building a custom control system using a PlayStation game controller.
However, the moment his application connected to the servers, not just his personal device but thousands of robot vacuums worldwide also linked to his system.
Within moments, he was able to access live camera feeds, digital home maps and device-level data. The fact that all this occurred without hacking stunned the tech community and sparked debate over whether smart gadgets could inadvertently turn into “indoor surveillance tools”. According to CNBC TV18, the researcher later said he had no intention of hacking devices and only wanted to control his own robot vacuum remotely.
The issue was later acknowledged by DJI after it was publicly reported on social media platform X. Cybersecurity researchers claimed the vulnerability allowed remote access to movements, microphones and cameras of thousands of devices before it was fixed.
I can confirm that @DJIGlobal has finally fixed the HUGE vulnerability they had on their servers.This vulnerability was discovered by the very skillful @n0tsa , and he reported it to DJI.
It allowed to take remote control (movements, microphone, camera) of over 10 000 robots… pic.twitter.com/j1UunMmNXX
— Gonzague (@gonzague) February 11, 2026
What’s the Whole Matter?
According to CNBC TV18, the AI expert attempted to create a new app to control his DJI robot vacuum with a PlayStation controller. Using AI coding tools, including AI-assisted coding software, he studied the communication protocol between the device and the cloud server.
He soon discovered that thousands of other vacuum cleaners were also being accessed using his device’s credentials. Within minutes, his system connected to more than 6,700 devices across 24 countries. CNBC TV18 reported that his laptop catalogued these devices in less than 9 minutes and collected more than 1 lakh device messages during testing.
He realised that he could view live camera feeds from these robots, listen to sounds, and create a complete digital map of each room in a home. He could even estimate their location using the device’s IP address, all without cracking a password.
According to CNBC TV18, once the custom application began communicating with the cloud servers, thousands of robot vacuums started treating him as their owner instead of just recognising his own device. He was able to remotely control several units and even tested the system with a friend’s robot vacuum. The access allowed him to map rooms and generate detailed 2D floor plans of homes.
The report also stated that the researcher discovered his device was “just one in an ocean of devices” connected to the same system.
CNBC TV18 further reported that access could have extended to more than 10,000 devices if other connected products such as the company’s portable power stations using the same servers were included.
This incident demonstrates how dangerous cloud-connected smart devices can be. A simple mistake can compromise the privacy of millions of users. However, the individual did not misuse this access and immediately informed the company.
According to CNBC TV18, the robot vacuum model involved is an autonomous home robot introduced in China last year and is now expanding to other markets. The device is equipped with multiple sensors to navigate homes and detect obstacles and is primarily controlled through a mobile application.
How Did the Company Fix the Flaw?
The company claimed to have fixed the security lapse as soon as it became aware of the issue. After the update was released, the man’s scanner was unable to connect to any device. This means that the major security flaw in the server was closed. According to CNBC TV18, the company confirmed that the issue has now been “resolved”. After the fix was deployed, the researcher’s system could no longer detect or access any robot vacuum devices. The company stated that user data is now safe and the system has been updated.
Was This a Hack?
No, it was not a hack. The man neither cracked a password nor compromised any server. It was a security misconfiguration. Due to this, the system was treating multiple devices as a single user even with valid credentials.
According to CNBC TV18, the researcher stated that he did not bypass any security protections or use brute-force methods and accessed the devices only through valid credentials.
How Much Risk Did This Pose to Users?
The threat was serious because robot vacuums have cameras, microphones, and a home mapping system. This could have provided information about a home’s activities and even its location. Even information about what’s happening in the home can be obtained, which is extremely dangerous for privacy.
According to CNBC TV18, the researcher was able to see device serial numbers, cleaning status, distance travelled, battery return timings and obstacles detected by the robots, highlighting the extent of accessible data.
Are Such Devices Secure Now?
According to the company, the issue has been fixed. But this incident highlights the importance of regular updates, strong passwords, and privacy settings when using smart home devices.
What Are the Lessons for Smart Device Users?
This incident exposes the hidden vulnerabilities of smart technology. AI and cloud-connected devices are certainly convenient, but security needs to be equally strong. Users should always keep apps updated, disable unnecessary permissions, and use only trusted networks.
February 25, 2026, 17:27 IST
Read More