Security · 1h ago
Shark Robot Vacuum Flaw Exposes Cameras, Maps, and Wi-Fi Credentials
A security flaw in Shark robot vacuums allows a single stolen AWS certificate to execute root commands on other devices in the same AWS region. The vulnerability, caused by an over-permissive IoT policy, exposes live camera feeds, stored home maps, and Wi-Fi credentials. The issue remains unpatched, affecting multiple devices.
Meridian48 take
This flaw highlights the systemic risk of over-permissive cloud policies in IoT devices, where a single compromised certificate can cascade into a broader breach.
Read the full reporting
Robot vacuum flaw lets one stolen certificate run root commands on other Shark robovacs in the same AWS region — unpatched flaw exposes live camera feeds, stored home maps, and Wi-Fi credentials →
Tom's Hardware
iot-securityaws-iot