Sammy Azdoufal is an independent security researcher and software engineer based in Barcelona. His work focuses on the cloud and mobile attack surface of consumer IoT, with an emphasis on Chinese ODM/OEM ecosystems supplying the smart-home market in Europe and North America.

In February 2026, he disclosed a critical MQTT ACL bypass affecting roughly 7,000 DJI ROMO robot vacuums across 24 countries, granting live camera and microphone access. The disclosure was covered by The Verge, Cybernews, Popular Science, The Guardian..., and led to a $30,000 bug bounty award from DJI. He is known for using AI coding assistants — specifically Anthropic's Claude Code — as part of his reverse-engineering workflow, and for combining hands-on protocol analysis with disciplined responsible-disclosure practice.

The Meari Technology audit presented in this talk was conducted between February and April 2026, with CVE coordination performed by Tod Beardsley (runZero, Inc.) and disclosure coordinated with CISA. It is his largest single-vendor IoT audit to date.