By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Shark Vacuum Flaw Allows Remote Control of Other Vacuums

A security vulnerability discovered in Shark brand robot vacuums, specifically the RV2320EDUS model, allows attackers to gain remote control over other vacuums within the same Amazon Web Services (AWS) region. The researcher, operating under the pseudonym tokay0, published details of the exploit on Monday, demonstrating how extracting the device's certificate from its flash memory enables the execution of root commands on other units.
This exploit grants attackers the ability to remotely operate the affected vacuums. They can control the robot's movement, access its camera feed to view the interior of a user's home, read the stored map of the house, and even extract the Wi-Fi password in plaintext. The researcher confirmed the exploit's effectiveness through testing against other Shark vacuums within the same AWS region, indicating a potential for widespread compromise.
The vulnerability stems from the way the vacuum's security certificates are stored and accessed. By obtaining the certificate, an attacker bypasses authentication mechanisms, effectively impersonating a legitimate device. This allows for unauthorized command execution, turning the smart home device into a potential tool for surveillance and network intrusion. The researcher has made the method publicly available, highlighting the urgency for Shark to address this critical security flaw.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.