Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

Read full story on The Hacker News
Share
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
AI disclosure

Summary

Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext. A researcher publishing under the handle tokay0 put the method online on Monday, having tested it only against vacuums he

Original reporting

Open original source
Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.