An IoT company called Jooki has gone bankrupt, leaving its customers (particularly children) with useless devices.
However, a security researcher called Nuit has discovered there is still a lot of functionality in the devices.
Among other things, there is an HTTP API with a built-in backdoor that runs commands with root-level permissions, and a heartbeat script that can be exploited to give an attacker root access.
Nuit is making these findings public in the hope that Jooki’s open-source community will find a way to return the devices to a fully functional state.
IoT security is again highlighted as a major weak point in many internet-connected devices.
