IoT-Security on HackingPassion.com : root@HackingPassion.com-[~]https://hackingpassion.com/tags/iot-security/Recent content in IoT-Security on HackingPassion.com : root@HackingPassion.com-[~]HugoenSat, 06 Jun 2026 16:51:31 +0200Your Home Devices Are Being Turned Into Proxies for the AI Industryhttps://hackingpassion.com/home-proxy-network/Sat, 06 Jun 2026 16:51:31 +0200https://hackingpassion.com/home-proxy-network/<p>Your phone, your TV, your router, anything in your home with an internet connection can be put to work crawling the web for the AI industry, and nothing on the device says it is happening. Some of that traffic is harmless scraping. Some of it is not, and it leaves under your IP address either way, so it traces back to you. It&rsquo;s called a <strong>residential proxy</strong>.</p> <p>I came across it through the smart TV story this morning. Researchers had taken apart the software inside some free smart TV apps and found it quietly turns the television into a relay, using the home connection to pull web pages for a data company that resells that access to the AI industry. One question stuck with me. What if it does not stop at one device. So I went digging, and it does not stop there, not by a long way.</p>Shodan Eye What if I could see EVERYTHING connected to the internethttps://hackingpassion.com/shodan-eye/Mon, 25 May 2026 15:38:04 +0200https://hackingpassion.com/shodan-eye/<h1 id="shodan-eye-what-if-i-could-see-everything-connected-to-the-internet">Shodan Eye: What if I could see EVERYTHING connected to the internet?</h1> <p>That was my question for a long time&hellip; And that&rsquo;s how Shodan Eye was born.</p> <p>Most people think the internet is what you browse through a browser. Websites, social media, search engines. That part is called the <strong>World Wide Web</strong>, and it is just a thin layer on top of something much larger. Underneath it, directly connected to the internet, are billions of devices that have never heard of a web page. Routers, cameras, industrial control systems, medical devices, traffic lights, refrigerators, power plants. Even devices you would never suspect. They are all online. Most of them are never meant to be found. Some of them have no password at all. <strong>Shodan Eye was built to find them.</strong></p>How Botnets Hide in Plain Sight: Tor, I2P, and the C2 Networks You Can't Seehttps://hackingpassion.com/botnets-tor-i2p-c2/Sun, 24 May 2026 11:30:46 +0200https://hackingpassion.com/botnets-tor-i2p-c2/<p>The command server is a botnet&rsquo;s one real weak point. Take it down and the bots go quiet. Operators figured this out early and built their infrastructure to survive exactly that.</p> <p>This article covers how they do it. How botnets hide their command infrastructure inside Tor and I2P, how they scan for new victims without exposing themselves, and what to look for to detect it. Technical and step by step.</p>Kimwolf Botnet: 2 Million Android TV Boxes Hacked via Proxy App Vulnerabilityhttps://hackingpassion.com/kimwolf-botnet-android-tv-boxes-proxy-exploit/Sun, 04 Jan 2026 15:28:00 +0100https://hackingpassion.com/kimwolf-botnet-android-tv-boxes-proxy-exploit/<p>A botnet just fired 1.7 billion DDoS commands in 72 hours. Attack capacity: nearly 30 Terabits per second. 2 million Android TV boxes sitting in living rooms across 222 countries and regions. And now we know how the attackers built it so fast. 🧐</p> <p>The attackers didn&rsquo;t send phishing emails. They didn&rsquo;t trick anyone into downloading malware. They just bought access to a proxy service and walked right into home networks.</p>RondoDox Botnet: 56 Exploits, Gaming Traffic Disguise, and Self-Defense Against Recoveryhttps://hackingpassion.com/rondodox-botnet-react2shell-exploit-shotgun/Thu, 01 Jan 2026 15:17:00 +0100https://hackingpassion.com/rondodox-botnet-react2shell-exploit-shotgun/<p>RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the &ldquo;exploit-shotgun&rdquo; approach. Fire everything, see what hits. 😱</p> <p>Once inside, RondoDox doesn&rsquo;t just sit there. It launches DDoS attacks. Mines Monero. Turns infected devices into proxies to hide other attacks. And it breaks the tools needed to fight back.</p> <p>The botnet has been running for 9 months. Three distinct phases. March to April 2025 was reconnaissance. April to June was daily probing of WordPress, Drupal, Struts2, and IoT devices. July onward became hourly automated attacks at scale.</p>Your Smart TV is spying on you, and most people don't know. But YOU will!https://hackingpassion.com/smart-tv-spying-acr-tracking/Sat, 15 Nov 2025 12:00:15 +0100https://hackingpassion.com/smart-tv-spying-acr-tracking/<p>Nearly every modern Smart TV has ACR technology. You&rsquo;ve probably never heard of it. (Most people haven&rsquo;t. Stick with me&hellip;) It&rsquo;s there. On almost every Smart TV. And it&rsquo;s tracking everything on your screen.</p> <p>Not just Netflix. Not just YouTube. EVERYTHING.</p> <p>→ Playing PlayStation? Tracked. → Watching cable TV? Tracked. → Using Chromecast or Fire Stick? Tracked. → Private security camera footage? Tracked.</p> <p>If it appears on your screen, your TV is watching it, recording it, and sending that data somewhere else.</p>