The security is terrible:
In a very short limited amount of time, three vulnerabilities have been discovered:
Wifi credentials of the user have been recovered (stored in plaintext into the flash memory).
No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption).
Root certificate and RSA private key have been extracted.
Boing Boing post.
Tags: Internet of Things, passwords, vulnerabilities, Wi-Fi
Author: Bruce Schneier