An unpatched security vulnerability in Shark robot vacuums lets attackers steal a single client certificate from one device and use it to run root commands on other Shark vacuums across the same Amazon Web Services region. The flaw exposes live camera feeds, stored home maps, and Wi-Fi credentials held in plaintext, affecting millions of devices. The researcher who discovered the issue, publishing under the handle tokay0, went public on Monday after reporting it to SharkNinja on March 1.
How the Certificate Flaw Works
The root cause is an over-permissive AWS IoT policy. The certificate that a Shark vacuum uses to authenticate to Amazon's cloud broker was never restricted to the device carrying it. A certificate pulled from one unit can subscribe to fleet-wide traffic and publish commands addressed to any device the broker serves. Those commands travel in an Exec_Command field inside the per-device state document AWS keeps in the cloud, and a management daemon on the vacuum passes anything under 1,000 bytes from it to a shell.
The researcher tested the technique only on units he bought himself, including a cross-model reverse shell on an AV1102ARUS Shark IQ Robot Vacuum XL. He then used that access to pull a live feed off the robot's onboard camera. Watching a single AWS region for 24 hours, he counted 1,517,605 unique Shark serial numbers, of which 673,816, or 44%, replied to a command probe. Those are devices observed responding, not devices he tested or compromised. Certificates are pinned to their AWS region, so a key lifted in one region only reaches devices in that region.
Timeline and Response
tokay0 says SharkNinja acknowledged his report on March 12, told him on April 27 that it was under review, and on July 3 promised a completion date by July 10 that never arrived. He also says the company downplayed the severity and questioned whether a CVE was warranted, despite a published disclosure policy that commits SharkNinja to provide regular updates until the vulnerability is resolved. The company had posted nothing on the flaw as of July 16.
Remediation in this scenario does not require a firmware update. Per Amazon, a non-compliant IoT policy is fixed by pushing a scoped version inside the operator's own AWS account until SharkNinja rescopes the policy or reissues the certificates.
Why This Matters
This vulnerability is part of a troubling pattern in smart home security. Cloud-side failures, where a backend fails to scope device access, have driven a run of robot-vacuum breaches. In February, a similar authorization flaw exposed roughly 6,700 DJI Romo vacuums, handing out camera feeds, audio, and floor plans. DJI patched that issue within weeks. The SharkNinja flaw is far larger in scale, with the researcher observing over 1.5 million unique serial numbers in a single AWS region.
For consumers, the risk is significant. An attacker could silently monitor a home, learn its layout, and gain access to the home Wi-Fi network. The lack of a patch more than four months after disclosure raises questions about SharkNinja's commitment to security. The incident also fuels interest in fully offline robot vacuum designs, which eliminate cloud-side attack surfaces entirely. Until SharkNinja resolves the issue, owners of these vacuums have no way to protect themselves beyond disconnecting the device from the internet.



