Security Flaw in DJI Romo Robot Vacuums Allowed Remote Access to Thousands of Devices

A software engineer discovered a security flaw in DJI's Romo robot vacuum that allowed him to remotely access about 7,000 devices across 24 countries. By reverse-engineering the device's communication with DJI's cloud servers, he could view live camera feeds, audio, and control multiple vacuums unintentionally. The vulnerability stemmed from improper access restrictions in the company's server protocol. DJI has since fixed the issue, highlighting concerns about privacy risks in internet-connected home devices.