FBI warns smart devices can be hijacked

The FBI issued a Public Service Announcement on June 5, 2025 naming the BADBOX 2.0 botnet and warning it is converting everyday Internet‑connected devices into residential proxy networks for criminal use (fbi.gov). (fbi.gov) Federal investigators and multiple security outlets reported BADBOX 2.0 has infected more than one million consumer devices, with researchers saying the botnet could encompass several million compromised units worldwide (bleepingcomputer.com). (bleepingcomputer.com) The FBI’s advisory lists commonly abused hardware as low‑cost Android‑based TV streaming boxes, digital projectors, tablets, aftermarket vehicle infotainment systems and digital picture frames—devices often manufactured in China and sold under generic or unfamiliar brand names (digitaltrends.com). (digitaltrends.com) Agency and researcher analysis shows infections can be baked into devices before sale or introduced during setup when users install apps from third‑party marketplaces or are tricked into disabling protections like Google Play Protect (ic3.gov). (ic3.gov) Security reporting and the Electronic Frontier Foundation note the botnet’s operators sell or share access to compromised home networks and repurpose infected devices for ad fraud, data scraping, credential‑stuffing campaigns and other illicit traffic routing (eff.org). (eff.org) News investigations flagged specific device lines marketed on mainstream marketplaces—examples named in coverage include “TV98” and “X96”—as appearing in infection analyses despite some listings carrying labels like “Amazon’s Choice.” (techtimes.com). (techtimes.com) The FBI directed suspicious incidents and indicators of compromised devices to be reported to the Internet Crime Complaint Center at IC3.gov and advised following the mitigation steps laid out in its PSA for consumers and organizations (ic3.gov). (ic3.gov)