SECURITYMALWAREBYTES LABS
Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords
Shark's cloud-connected robot vacuums have an unpatched AWS IoT policy flaw allowing a compromised device to access other devices in the same region, exposing cameras, home maps, and Wi-Fi passwords stored in plaintext. A researcher demonstrated that stolen AWS IoT certificates can remotely command other vacuums, with over 44% of observed devices in one region responding to remote commands.
Mentioned
Related Signal