A security lapse linked to DJI’s Romo robot vacuum has reportedly exposed thousands of households around the world, after a software engineer gained access to devices across 24 countries.
According to a report by Gadget Review, the issue affected around 7,000 units of the Romo vacuum, a model priced at about $2,000. The vulnerability made it possible for an unauthorised person to take control of the connected vacuum systems and view information that should have remained private to owners.
The report said the exposed data included live camera feeds from the vacuum and digital floor plans created as the device mapped homes for navigation. Such information can reveal room layouts, movement paths and in some cases what is happening inside a residence at the time the camera is active.
Robot vacuums commonly use a combination of sensors and cameras to move through rooms and avoid obstacles. Many also store mapping information so the vacuum can clean efficiently and remember the layout. When these features are tied to internet-connected apps, security flaws can create a pathway for outsiders to access sensitive household data.
Gadget Review described the incident as affecting homes worldwide, showing how a consumer smart device can become an entry point for privacy risks at scale. With devices spread across multiple countries, the impact was not limited to one market.
The report focused on the ability of strangers to access both video and mapping data. Live camera feeds can expose personal routines or identify details inside homes, while floor plan maps can provide a structured view of the property. For users, these are among the most sensitive categories of data generated by smart home products.
The incident highlights the broader challenge of securing connected devices that operate inside private spaces. Unlike many other gadgets, robot vacuums typically travel throughout the home, capturing a wide range of areas while building a detailed map.
Gadget Review published the account on February 24, 2026. The report did not limit the exposure to a single region, noting affected devices across 24 countries.