Holy shit the article is far less tame than the title. They provided several ways to run commands as root and they can be generated as an over-the-air HTTP call. As per the article, if you buy the Jooki domain, it’s very likely you can control every single Jooki on the market. You can make the speaker do whatever you’d like. Pretty scary stuff. One has to wonder what nerds can do with that kind of tech: turn speakers into a low quality mic? Use them as bots for a DDoS attack? Just start blasting heavy metal music? Or just brick every device?

It’s pretty wild what the devs have done here. I can excuse executing commands as root from a file on the SD card. It’s not exactly safe but it’s also not the most dangerous to assume only people with access to the device would do that. Hardly a worry for most parents. But to allow OTA root level commands to be run? That’s a horrible design. At least setup a user that can only execute a few pr5e designed scripts. Don’t just give them carte blanch to run havoc on your hardware.