Shark Robot Vacuums Exposed by Unpatched AWS IoT Flaw Affecting Millions
Researcher tokay0 disclosed an unpatched SharkNinja AWS IoT Core certificate-scoping flaw (Jul 13, 2026) enabling cross-device RCE, cameras, maps, and plaintext Wi-Fi keys. ~1.52M devices seen in one region; ~44% respond to command probes. Audits: irobot.com 68%, ecovacs.com 62%, roborock.com 61%, sharkninja.com 54%, sharkclean.com 46% — none at the 100% ideal.
Read Update