Product test
How good is DJI’s first robot vacuum cleaner?
by Lorenz Keller
Unauthorised persons had access to new DJI vacuum robots
18/2/2026
Translation: machine translated
Breakdown at DJI: The manufacturer has only just launched new robot hoovers and now there have already been security problems. A user had access to the microphones and cameras of thousands of devices. The gap has been closed, but the damage to the company's image remains.
In the last few weeks, the DJI Romo has been doing test laps in my home. The first vacuum robot from the drone and camera specialist has been scrubbing and mopping - and I've been keeping a close eye on it.
But maybe someone was also watching me testing it. Because at the same time, a reader contacted the tech magazine «The Verge». He modifies every robot hoover he can get his hands on as a hobby. He wanted to control the DJI Romo with a PS5 controller and has developed a remote control app for this purpose.
Suddenly, however, the user not only managed to do this, but also gained access to around 7,000 robot hoovers worldwide via DJI's servers. He was able to track their activities, when they returned to the charging station - and even create floor plans of the flats. The inventor from the USA also had access to the robotic vacuum cleaner's microphone and camera.
The gap has definitely been closed since 11 February
Together with «The Verge», the user verified the error and then reported it to DJI. Both emphasise that the manufacturer's servers did not need to be hacked for unauthorised access. It was enough to read out the authorisation token of their own robot and use it to start a request. Instead of only receiving the data of his own DJI Romo, he gained access to the data of many robots.
DJI responded to the report within 24 hours. Since 11 February, the gap has definitely been closed and access is no longer possible. «However, The Verge» criticises the fact that DJI claimed in its initial statement that it had discovered the vulnerability in January and delivered a security patch to block remote access at the beginning of February. However, these measures obviously did not solve all the problems. Only a second patch after the report definitively closed the security gaps.
What remains is damage to the image of manufacturer DJI, which has only just entered the robot hoover business. With cameras and microphones in household appliances that are connected to servers, there is always a certain risk. However, users expect sensitive data to be secured as well as possible.
DJI is not the first robot hoover manufacturer to have security problems. In 2024, hackers took over Ecovacs devices and used their speakers to commit offences. In 2025, a Korean consumer organisation found gaps in the security system of Dreame.
Operating vacuum robots without access to the cloud is hardly possible with current models. Cameras are used to recognise obstacles, while microphones and speakers are used for voice control. If you want to know how manufacturers intend to guarantee data protection, at least in theory, you can read about it here.
Header image: Lorenz Keller
Lorenz Keller
Senior Editor
Lorenz.Keller@digitecgalaxus.chGadgets are my passion - whether you need them for the home office, for the household, for sport and pleasure or for the smart home. Or, of course, for the big hobby next to the family, namely fishing.
News + Trends
From the latest iPhone to the return of 80s fashion. The editorial team will help you make sense of it all.
Show allThese articles might also interest you
9 comments
later