A security vulnerability has been discovered in Shark robot vacuums that allows a stolen client certificate to execute root commands on other vacuums within the same AWS region. This flaw, stemming from an over-permissive AWS IoT policy, exposes sensitive data including live camera feeds, stored home maps, and Wi-Fi credentials. The researcher who found the vulnerability reported it to SharkNinja in March, but as of mid-July, the issue remains unpatched, requiring a cloud-side fix from SharkNinja. AI
IMPACT This vulnerability highlights the risks associated with cloud-connected IoT devices and the potential for widespread data breaches if security policies are not properly implemented.
RANK_REASON The cluster describes a security flaw in a consumer product, which falls under the 'tool' category for security vulnerabilities.
Read on Mastodon — mastodon.social →
AI-generated summary · Google Gemini · from 2 sources. How we write summaries →