Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext.

A researcher publishing under the handle tokay0 put the method online on Monday, having tested it only against vacuums he

This article has been indexed from The Hacker News

Read the original article: