Behind a cheap Temu doorbell sits an IoT backend where device IDs are sequential and requests are forgeable with a string baked into every firmware. One signed call lifts any device's persistent password and lets anyone on the Internet hijack the next live call.
  • Sandbar_Trekker@lemmy.todayEnglish
    1·
    4 hours ago

    The doorbell in this case is one that was bought on Temu by Naxclow:

    The unit ships under the name “Smart Doorbell X3” and pairs through a mobile app called “X Smart Home”

    Looks like Naxclow responded to the pen tester’s feedback very positively and are happy that he disclosed this issue to them. They’ve already started an internal review on the issue.