PulseAugur
EN
LIVE 16:58:12

Shark robot vacuums vulnerable to remote command execution via AWS flaw

A security vulnerability has been discovered in Shark robot vacuums that allows a stolen client certificate to execute root commands on other vacuums within the same AWS region. This flaw, stemming from an over-permissive AWS IoT policy, exposes sensitive data including live camera feeds, stored home maps, and Wi-Fi credentials. The researcher who found the vulnerability reported it to SharkNinja in March, but as of mid-July, the issue remains unpatched, requiring a cloud-side fix from SharkNinja. AI

IMPACT This vulnerability highlights the risks associated with cloud-connected IoT devices and the potential for widespread data breaches if security policies are not properly implemented.

RANK_REASON The cluster describes a security flaw in a consumer product, which falls under the 'tool' category for security vulnerabilities.

Read on Mastodon — mastodon.social →

AI-generated summary · Google Gemini · from 2 sources. How we write summaries →

Shark robot vacuums vulnerable to remote command execution via AWS flaw

COVERAGE [2]

  1. Tom's Hardware TIER_1 English(EN) · Luke James ·

    Robot vacuum flaw lets one stolen certificate run root commands on other Shark robovacs in the same AWS region — unpatched flaw exposes live camera feeds, stored home maps, and Wi-Fi credentials

    The problem is an over-permissive AWS IoT policy.

  2. Mastodon — mastodon.social TIER_1 English(EN) · [email protected] ·

    Robot vacuum flaw lets one stolen certificate run root commands on other Shark robovacs in the same AWS region — unpatched flaw exposes live camera feeds, store

    Robot vacuum flaw lets one stolen certificate run root commands on other Shark robovacs in the same AWS region — unpatched flaw exposes live camera feeds, stored home maps, and Wi-Fi credentials The problem is an over-permissive AWS IoT policy. https://www. tomshardware.com/tech-…