Skip to content
The Nexus
SECURITYJul 17 · 12:29 UTCMALWAREBYTES LABS

Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords

Shark's cloud-connected robot vacuums have an unpatched AWS IoT policy flaw allowing a compromised device to access other devices in the same region, exposing cameras, home maps, and Wi-Fi passwords stored in plaintext. A researcher demonstrated that stolen AWS IoT certificates can remotely command other vacuums, with over 44% of observed devices in one region responding to remote commands.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting