Security · 3h ago
Shark Robot Vacuum Flaw Lets Attackers Take Over Other Vacuums Remotely
A researcher known as tokay0 published a method exploiting an unpatched flaw in Shark RV2320EDUS robot vacuums. By extracting a certificate from the device's flash, attackers can execute root commands on other Shark vacuums in the same AWS region. The exploit enables camera access, robot control, home map retrieval, and plaintext Wi-Fi password theft.
Meridian48 take
The vulnerability underscores the risks of IoT devices sharing cloud infrastructure without proper isolation, turning a convenience into a regional security hazard.
Read the full reporting
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide →
The Hacker News
iot-vulnerabilityshark-vacuum