Can Hackers Bring Jooki Back To Life?
Submitted 4 weeks ago by GertrudGoethe@feddit.org to technology@lemmy.world
https://hackaday.com/2025/03/30/can-hackers-bring-jooki-back-to-life/
Submitted 4 weeks ago by GertrudGoethe@feddit.org to technology@lemmy.world
https://hackaday.com/2025/03/30/can-hackers-bring-jooki-back-to-life/
captainjaneway@lemmy.world 4 weeks ago
Holy shit the article is far less tame than the title. They provided several ways to run commands as root and they can be generated as an over-the-air HTTP call. As per the article, if you buy the Jooki domain, it’s very likely you can control every single Jooki on the market. You can make the speaker do whatever you’d like. Pretty scary stuff. One has to wonder what nerds can do with that kind of tech: turn speakers into a low quality mic? Use them as bots for a DDoS attack? Just start blasting heavy metal music? Or just brick every device?
It’s pretty wild what the devs have done here. I can excuse executing commands as root from a file on the SD card. It’s not exactly safe but it’s also not the most dangerous to assume only people with access to the device would do that. Hardly a worry for most parents. But to allow OTA root level commands to be run? That’s a horrible design. At least setup a user that can only execute a few pr5e designed scripts. Don’t just give them carte blanch to run havoc on your hardware.
Postmortal_Pop@lemmy.world 4 weeks ago
Honestly, of I had the money and time I’d absolutely buy the domain and turn an entire product line into a kids friendly pirate radio network.
rice@lemmy.org 4 weeks ago
this one beta.jooki.rocks isn’t even mentioned in the guys github/blog post either didn’t really look into it at all, probably can control that too