this post was submitted on 27 Oct 2025
904 points (98.6% liked)

Technology

76415 readers
3344 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
904
Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House (futurism.com)
submitted 3 days ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
195 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Monument@lemmy.sdf.org 52 points 3 days ago* (last edited 3 days ago) (1 children)

A few years ago I noticed an annoyance with a soundbar I had. After allowing it onto my WiFi network so we could stream music to it, it still broadcast the setup WiFi network.

While dorking around one day, I ran a port scan on my network and the soundbar reported port 22 (ssh) was open. I was able to log in as root and no password.
After a moment of “huh, that’s terrible security.” I connected to the (publicly open) setup network, ssh’d in, and copied the wpa_supplicant.conf file from the device to verify it had my WiFi info available to anyone with at least my mediocre skill level. I then factory reset the device, never to entrust it with any credentials again.

[–] billygoat@catata.fish 18 points 2 days ago (1 children)

Name and shame, what make and model was it?

[–] Monument@lemmy.sdf.org 13 points 2 days ago* (last edited 2 days ago) (1 children)

It was a TCL Alto 9+.

A quick internet search reveals that this issue was known about at least three years ago.

Another model, the 8i was reported to have a root password of “12345678” - which is partially how I got the idea to start seeing if I could gain root.

[–] 6nk06@sh.itjust.works 1 points 2 days ago

TCL

The Chinese company that steals corporate secrets (I kicked a bunch of their devs once when they were trying to take pictures of prototypes and copy source code on USB keys) and send everything to China? Who would have thought.