DJI pays $30,000 after researcher exposes 7,000 vulnerable Romo robovacs
Mar 8th 2026
DJI confirmed it has rewarded a researcher after a demonstration showed thousands of Romo robovacs could be accessed, and the company says fixes are rolling out with more upgrades and audits planned.
- DJI paid a security researcher $30,000 for a reported Romo vulnerability but did not name the researcher or specify which finding earned the reward.
- Researcher Sammy Azdoufal demonstrated to The Verge that a PlayStation controller could lead him to access a network of about 7,000 DJI Romo devices.
- DJI says it addressed a vulnerability that allowed video streams to be viewed without a PIN by late February.
- The company says it is working on an additional serious vulnerability and expects a series of system updates to be fully implemented within about one month.
- DJI published a blog crediting two independent researchers while also stating it discovered the original issue internally and that Romo holds ETSI, EU, and UL security certifications.
- DJI says it will continue testing, patching, submit the Romo and its app to third party audits, and introduce new ways to collaborate with security researchers.