![Apple Watch Series 10 Prototype with Mystery Sensor Surfaces [Images]](https://www.iclarified.com/images/news/96892/96892/96892-640.jpg)
![Get Up to 69% Off Anker and Eufy Products on Final Day of Amazon's Big Spring Sale [Deal]](https://www.iclarified.com/images/news/96888/96888/96888-640.jpg)
![Apple Officially Releases macOS Sequoia 15.4 [Download]](https://www.iclarified.com/images/news/96887/96887/96887-640.jpg)
![watchOS 11.4 was briefly available, and was pulled by Apple [u]](https://photos5.appleinsider.com/gallery/60061-123253-watchOS-11-on-Apple-Watch-Ultra-xl.jpg)
![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![Is this a suitable approach to architect a flutter app? [closed]](https://i.sstatic.net/4hMHGb1L.png)
![Best practices for database design when storing AI/LLM conversations with tool/function calls? [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
-1280x720.jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
Can Hackers Bring Jooki Back to Life?
Another day, another Internet-connected gadget that gets abandoned by its creators. This time it’s Jooki — a screen-free audio player that let kids listen to music and stories by placing …read more
Another day, another Internet-connected gadget that gets abandoned by its creators. This time it’s Jooki — a screen-free audio player that let kids listen to music and stories by placing specific tokens on top of it. Parents would use a smartphone application to program what each token would do, and that way even very young children could independently select what they wanted to hear.
Well, until the company went bankrupt and shutdown their servers down, anyway. Security researcher [nuit] wrote into share the impressive work they’ve done so far to identify flaws in the Jooki’s firmware, in the hopes that it will inspire others in the community to start poking around inside these devices. While there’s unfortunately not enough here to return these devices to a fully-functional state today, there’s several promising leads.
It probably won’t surprise you to learn the device is running some kind of stripped down Linux, and [nuit] spends the first part of the write-up going over the partitions and peeking around inside the filesystem. From there the post briefly covers how over-the-air (OTA) updates were supposed to work when everything was still online, which may become useful in the future when the community has a new firmware to flash these things with.
Where things really start getting interesting is when the Jooki starts up and exposes its HTTP API to other devices on the local network. There are some promising endpoints such as /flags which let’s you control various aspects of the device, but the real prize is /ll, which is a built-in backdoor that runs whatever command you pass it with root-level permissions! It’s such a ridiculous thing to include in a commercial product that we’d like to think they originally meant to call it /lol, but in any event, it’s a huge boon to anyone looking to dig deeper in to the device.
But wait, there’s more! The Jooki runs a heartbeat script that regularly attempts to check in with the mothership. The expected response when the box pings the server is your standard HTTP 200 OK, but in what appears to be some kind of hacky attempt at implementing a secondary OTA mechanism, any commands sent back in place of the HTTP status code will be executed as root.
Now as any accomplished penguin wrangler will know, if you can run commands as root, it doesn’t take long to fire up an SSH server and get yourself an interactive login. Either of these methods can be used to get into the speaker’s OS, and as [nuit] points out, the second method means that whoever can buy up the Jooki domain name would have remote root access to every speaker out there.
Long story short, it’s horrifyingly easy to get root access on a Jooki speaker. The trick now is figuring out how this access can be used to restore these devices to full functionality. We just recently covered a project which offered a new firmware and self-hosted backend for an abandoned smart display, hopefully something similar for the Jooki isn’t far off.
