Man Accidentally Hacks an Army of 7,000 Robot Vacuums, Able to Access Video Feeds Within People’s Homes

Facts Matter – Episode Summary

Podcast: Facts Matter
Host: Roman, The Epoch Times
Episode: Man Accidentally Hacks an Army of 7,000 Robot Vacuums, Able to Access Video Feeds Within People’s Homes
Date: March 13, 2026

Overview

In this episode, Roman explores a startling real-world case of an accidental large-scale security breach involving DJI robot vacuums. The story focuses on how a man in Spain, while attempting to hack his own device for personal convenience, inadvertently gained access to the video feeds, microphones, floorplans, and control functionality for nearly 7,000 vacuums across 24 countries. Roman dissects the broader implications of smart device vulnerabilities and questions our collective reliance on ever-more-intrusive home technology.

Key Discussion Points & Insights

The Accidental Hack (00:15–06:20)

A Spanish man, Sammy Asdeval, tried to make his own robot vacuum easier to control—specifically, he wanted to use a PS5 controller instead of the provided app.
While using an AI chatbot (Claude bot) as a coding assistant to help develop his own remote control app, Sammy stumbled across a major security vulnerability.
Notable Quote (Roman, 01:55):
“While building his own remote control app using an AI coding assistant to help reverse engineer how the robot communicated with DJI’s remote cloud server, he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries.”

How the Vulnerability Worked (03:00–07:30)

The main flaw: the DJI server failed to limit access only to devices owned by a verified user. Instead, a security token extracted for his own unit granted permissions to thousands of others.
This gave Sammy “fly on the wall” capability—real-time access to remote camera feeds, audio, and control in strangers’ homes worldwide.
Notable Quote (Roman, 04:02):
“He basically gained access to the video feeds, the floor map layouts, the microphones, as well as the ability to remotely control the robots himself.”

The Aftermath & Vendor Response (07:30–10:15)

Sammy, identifying as a “white hat” (good-faith hacker), shared his find with The Verge, who then contacted DJI.
DJI responded with two automatic updates (Feb 8 and Feb 10), claiming to have patched the main vulnerability.
DJI Statement Read by Roman (09:10):
"DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates... The fix was deployed automatically and no user action is required."
However, not all problems were fixed:
- One unresolved issue allows viewing of a video stream without a security PIN.
- Another is so serious it's being withheld from public disclosure until resolved.
Notable Quote (Roman paraphrasing the Verge, 09:55):
“As of February 17, DJI tells the Verge it will do so within weeks.”

Wider Implications of Smart Device Vulnerability (10:15–14:55)

Roman calls attention to the broader trend: smart devices (cameras, speakers, fridges, glasses) are everywhere, and all can be points of vulnerability.
Links to a recent Meta/Facebook story from Kenya, where workers reviewed private, intimate moments captured by smart glasses:
- Quote from report (11:55):
  “Bank details, sex and naked people who seem unaware they are being recorded. Behind Meta’s new smart glasses lies a hidden workforce uneasy about peering into the most intimate parts of other people’s lives.”
References the famous image of Mark Zuckerberg taping over his own laptop camera, suggesting even tech leaders take simple but effective precautions.
- Notable Moment:
  “If Mark Zuckerberg is taping his own laptop camera, maybe we should all be a little more careful.” (12:45)

Questions About Privacy, Security & State Actors (15:00–17:30)

The hack was performed using only tools available to the public—what, Roman asks, are professional hackers and nation states able to access?
Notable Quote (Roman, 16:15):
“If a guy using a publicly available Claude bot...is able to accidentally stumble upon access to 7,000 different units within 24 different countries, what about nation states that have teams of hackers...?”
This is framed as a widespread phenomenon, not a “one-off.” Roman asks listeners to reflect critically on the future of household privacy.

Memorable Quotes & Moments (with Timestamps)

01:55 (Roman):
“While building his own remote control app...he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds...from nearly 7,000 other vacuums across 24 countries.”
04:02 (Roman):
“He basically gained access to the video feeds, the floor map layouts, the microphones, as well as the ability to remotely control the robots himself.”
09:10 (DJI statement):
“DJI identified a vulnerability affecting DJI Home through internal review...The fix was deployed automatically and no user action is required.”
11:55 (Citing Meta smart glasses leak):
“Bank details, sex and naked people who seem unaware they are being recorded. Behind Meta’s new smart glasses lies a hidden workforce uneasy about peering into the most intimate parts of other people’s lives.”
12:45 (Roman):
“If Mark Zuckerberg is taping his own laptop camera, maybe we should all be a little more careful.”
16:15 (Roman):
“If a guy using a publicly available Claude bot...is able to accidentally stumble upon access to 7,000 different units within 24 different countries, what about nation states that have teams of hackers...?”

Key Timestamps for Important Segments

00:15 – Story Introduction and Overview
03:00 – Technical Details and Discovery of Vulnerability
07:30 – Vendor Response and Outstanding Risks
10:15 – Broader Discussion: Other Smart Devices, Meta Glasses
12:45 – Mark Zuckerberg’s Webcam Tape: Symbolic Warning
15:00 – Nation-State Hacking and Mass Surveillance Dangers
16:40 – Final Reflections and Call for Listener Feedback

Tone and Takeaways

Roman’s tone is clear, factual, and slightly cautionary, encouraging deep reflection on our collective assumptions about technology and privacy. The episode balances technical explanation with human interest, using real-world examples and a sprinkling of dry humor.

Technology is only as secure as its weakest system.
Even “white hat” discoveries expose how easily mass surveillance could occur.
Every device with a camera or microphone is a potential window into our lives—often, without our knowledge.

Final word: Given what’s possible with a chatbot and a smart vacuum, Roman urges everyone to think carefully before adding smart devices to their homes:

“If it has a camera, your image...has the potential to be accessed by somebody remotely.” (12:10)

For more details:
Read the Popular Science feature and full account linked in the episode description.

Facts Matter – Episode Summary

Overview

Key Discussion Points & Insights

The Accidental Hack (00:15–06:20)

A Spanish man, Sammy Asdeval, tried to make his own robot vacuum easier to control—specifically, he wanted to use a PS5 controller instead of the provided app.
While using an AI chatbot (Claude bot) as a coding assistant to help develop his own remote control app, Sammy stumbled across a major security vulnerability.
Notable Quote (Roman, 01:55):
“While building his own remote control app using an AI coding assistant to help reverse engineer how the robot communicated with DJI’s remote cloud server, he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries.”

How the Vulnerability Worked (03:00–07:30)

The main flaw: the DJI server failed to limit access only to devices owned by a verified user. Instead, a security token extracted for his own unit granted permissions to thousands of others.
This gave Sammy “fly on the wall” capability—real-time access to remote camera feeds, audio, and control in strangers’ homes worldwide.
Notable Quote (Roman, 04:02):
“He basically gained access to the video feeds, the floor map layouts, the microphones, as well as the ability to remotely control the robots himself.”

The Aftermath & Vendor Response (07:30–10:15)

Sammy, identifying as a “white hat” (good-faith hacker), shared his find with The Verge, who then contacted DJI.
DJI responded with two automatic updates (Feb 8 and Feb 10), claiming to have patched the main vulnerability.
DJI Statement Read by Roman (09:10):
"DJI identified a vulnerability affecting DJI Home through internal review in late January and initiated remediation immediately. The issue was addressed through two updates... The fix was deployed automatically and no user action is required."
However, not all problems were fixed:
- One unresolved issue allows viewing of a video stream without a security PIN.
- Another is so serious it's being withheld from public disclosure until resolved.
Notable Quote (Roman paraphrasing the Verge, 09:55):
“As of February 17, DJI tells the Verge it will do so within weeks.”

Wider Implications of Smart Device Vulnerability (10:15–14:55)

Roman calls attention to the broader trend: smart devices (cameras, speakers, fridges, glasses) are everywhere, and all can be points of vulnerability.
Links to a recent Meta/Facebook story from Kenya, where workers reviewed private, intimate moments captured by smart glasses:
- Quote from report (11:55):
  “Bank details, sex and naked people who seem unaware they are being recorded. Behind Meta’s new smart glasses lies a hidden workforce uneasy about peering into the most intimate parts of other people’s lives.”
References the famous image of Mark Zuckerberg taping over his own laptop camera, suggesting even tech leaders take simple but effective precautions.
- Notable Moment:
  “If Mark Zuckerberg is taping his own laptop camera, maybe we should all be a little more careful.” (12:45)

Questions About Privacy, Security & State Actors (15:00–17:30)

The hack was performed using only tools available to the public—what, Roman asks, are professional hackers and nation states able to access?
Notable Quote (Roman, 16:15):
“If a guy using a publicly available Claude bot...is able to accidentally stumble upon access to 7,000 different units within 24 different countries, what about nation states that have teams of hackers...?”
This is framed as a widespread phenomenon, not a “one-off.” Roman asks listeners to reflect critically on the future of household privacy.

Memorable Quotes & Moments (with Timestamps)

01:55 (Roman):
“While building his own remote control app...he soon discovered that the same credentials that allowed him to see and control his own device also provided access to live camera feeds...from nearly 7,000 other vacuums across 24 countries.”
04:02 (Roman):
“He basically gained access to the video feeds, the floor map layouts, the microphones, as well as the ability to remotely control the robots himself.”
09:10 (DJI statement):
“DJI identified a vulnerability affecting DJI Home through internal review...The fix was deployed automatically and no user action is required.”
11:55 (Citing Meta smart glasses leak):
“Bank details, sex and naked people who seem unaware they are being recorded. Behind Meta’s new smart glasses lies a hidden workforce uneasy about peering into the most intimate parts of other people’s lives.”
12:45 (Roman):
“If Mark Zuckerberg is taping his own laptop camera, maybe we should all be a little more careful.”
16:15 (Roman):
“If a guy using a publicly available Claude bot...is able to accidentally stumble upon access to 7,000 different units within 24 different countries, what about nation states that have teams of hackers...?”

Key Timestamps for Important Segments

00:15 – Story Introduction and Overview
03:00 – Technical Details and Discovery of Vulnerability
07:30 – Vendor Response and Outstanding Risks
10:15 – Broader Discussion: Other Smart Devices, Meta Glasses
12:45 – Mark Zuckerberg’s Webcam Tape: Symbolic Warning
15:00 – Nation-State Hacking and Mass Surveillance Dangers
16:40 – Final Reflections and Call for Listener Feedback

Tone and Takeaways

Technology is only as secure as its weakest system.
Even “white hat” discoveries expose how easily mass surveillance could occur.
Every device with a camera or microphone is a potential window into our lives—often, without our knowledge.

Final word: Given what’s possible with a chatbot and a smart vacuum, Roman urges everyone to think carefully before adding smart devices to their homes:

“If it has a camera, your image...has the potential to be accessed by somebody remotely.” (12:10)

For more details:
Read the Popular Science feature and full account linked in the episode description.

wavePod

Get Free Podcast Summaries in Your Inbox

Pick Your Shows

Subscribe Free

Get Instant Summaries

Summary

Facts Matter – Episode Summary

Overview

Key Discussion Points & Insights

The Accidental Hack (00:15–06:20)

How the Vulnerability Worked (03:00–07:30)

The Aftermath & Vendor Response (07:30–10:15)

Wider Implications of Smart Device Vulnerability (10:15–14:55)

Questions About Privacy, Security & State Actors (15:00–17:30)

Memorable Quotes & Moments (with Timestamps)

Key Timestamps for Important Segments

Tone and Takeaways

Summary

Facts Matter – Episode Summary

Overview

Key Discussion Points & Insights

The Accidental Hack (00:15–06:20)

How the Vulnerability Worked (03:00–07:30)

The Aftermath & Vendor Response (07:30–10:15)

Wider Implications of Smart Device Vulnerability (10:15–14:55)

Questions About Privacy, Security & State Actors (15:00–17:30)

Memorable Quotes & Moments (with Timestamps)

Key Timestamps for Important Segments

Tone and Takeaways