An anonymous reader writes from a report via Softpedia: There is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device via a simple command injection in the password field. Researchers say that because of the nature of the flaws, attackers can overwrite its firmware and add the device to a botnet, possibly using it for DDoS attacks, among other things. Bitdefender didn't reveal the device's manufacturer but said the vendor is working on a fix, which will be released in late Q3 2016. Problems with the device include a lack of encryption for device communications and the lack of any basic input sanitization for the password field. "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the internet and bypass the limitations of the network address translation," says Alexandru Balan, Chief Security Researcher at Bitdefender. "This is a serious vulnerability, we could see botnets made up of these power outlets."