this post was submitted on 31 Mar 2025
36 points (92.9% liked)

[–] captainjaneway@lemmy.world 16 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Holy shit the article is far less tame than the title. They provided several ways to run commands as root and they can be generated as an over-the-air HTTP call. As per the article, if you buy the Jooki domain, it's very likely you can control every single Jooki on the market. You can make the speaker do whatever you'd like. Pretty scary stuff. One has to wonder what nerds can do with that kind of tech: turn speakers into a low quality mic? Use them as bots for a DDoS attack? Just start blasting heavy metal music? Or just brick every device?

It's pretty wild what the devs have done here. I can excuse executing commands as root from a file on the SD card. It's not exactly safe or smart but it's also not the most dangerous thing to assume only people with access to the device would do that. Hardly a worry for most parents as long as you're not especially reckless. But to allow OTA root level commands to be run? That's a horrible design. At least set up a user that can only execute a few pre-designed scripts. Don't just give them carte blanche to run havoc on your hardware.

Just another reminder that every wifi enabled device is likely a ticking timebomb. Especially low quality devices meant for kids. Baby monitors, speakers, etc. have a history of being built cheaply and poorly. That's why I bought non-wifi baby monitors for my family.

[–] Postmortal_Pop@lemmy.world 6 points 3 weeks ago

Honestly, if I had the money and time I'd absolutely buy the domain and turn an entire product line into a kid-friendly pirate radio network.

[–] rice@lemmy.org 3 points 3 weeks ago

This one https://beta.jooki.rocks/ isn't even mentioned in the guy's GitHub/blog post either, didn't really look into it at all, probably can control that too.