Find notable cyber news and cases, enriched with sources, timelines, and signals.

AWS Device Defender overly permissive IoT policy remediation

Advisory/Mitigation
First reported
Last updated
Happening score
H score 66
1 unique sources, 1 articles

Summary

Hide ▲

AWS's IOT_POLICY_OVERLY_PERMISSIVE_CHECK directs operators to replace broad IoT policies with device-scoped versions, closing a path that can let a compromised certificate affect all devices using the policy. The guidance matters because the same certificate can be used to read or modify cloud-managed device state across a fleet unless the policy is narrowed.

Related Happenings

Shark RV2320EDUS / AV1102ARUS cross-model AWS IoT Exec_Command RCE flaw

Vulnerability
H score78 First: 16.07.2026 12:23 Last: 16.07.2026 12:23 Sources 1

How related: He proved the cross-model path, landing a reverse shell on an AV1102ARUS he bought purely as a target, then using that shell to pull a live feed off the model's onboard camera while the robot drove around.

About this happening: A SharkNinja vacuum certificate flaw now enables root command execution on other Shark vacuums in the same AWS region, exposing camera feeds, house maps, and *...

XM Cyber maps eight validated AWS Bedrock attack vectors across connected enterprise integrations

Technical Analysis
H score26 First: 23.03.2026 13:55 Last: 23.03.2026 13:55 Sources 1

About this happening: XM Cyber mapped eight validated attack vectors in AWS Bedrock, showing how over-privileged permissions can expose logs, knowledge bases, agents, flows, guardrails, and...

Timeline

  1. 16.07.2026 12:23 2 articles · 2h ago

    AWS Device Defender flags overly permissive IoT policies and recommends scoped replacements

    Mitigation Patch Update

    AWS's Device Defender IOT_POLICY_OVERLY_PERMISSIVE_CHECK flags device policies that grant publish or subscribe on $aws/things/* instead of pinning access to ${iot:Connection.Thing.ThingName}; the mitigation is a server-side policy change in AWS rather than a firmware fix, and the owner-side stopgap is to disconnect the vacuum from Wi-Fi until the policy is corrected.

    Show sources