www.malwarebytes.com 7/17/2026, 1:01:42 PM · external

Shark robot vacuums exposed to remote hijack via AWS flaw

Shark robot vacuums exposed to remote hijack via AWS flaw
CyberSIXT Evidence Panel
Primary Source tokay0.com

A flaw in Shark's cloud-connected robot vacuums allows an unpatched AWS IoT policy to enable unauthorized access to multiple devices within the same geographic region. A researcher discovered that the vacuum's embedded AWS IoT certificate is overly permissive, allowing a compromised device to control others and access sensitive information such as camera feeds, Wi-Fi passwords, and house maps. Despite being informed of this vulnerability over six months ago, SharkNinja has not implemented a fix. Users are advised to disable remote control features or disconnect their devices from Wi-Fi until a solution is provided.

View Primary Source Via www.malwarebytes.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline