Security Alert

The Pandora Botnet Compromised 1.2 Million Smart Home Devices

Here's exactly what happened, which devices were affected, and the step-by-step actions you need to take right now to protect your smart home.

May 02, 2026

TL;DR — Act Now

If you own budget smart plugs, Wi-Fi cameras, or older Zigbee hubs purchased before 2024, update their firmware immediately. If updates aren't available, replace them with Matter-certified devices. Full checklist below.

What Is the Pandora Botnet?

Security researchers at Nozomi Networks and Fortinet jointly disclosed "Pandora" in April 2026 — a sophisticated botnet that quietly infected over 1.2 million smart home devices worldwide. Unlike earlier botnets like Mirai that focused on routers and IP cameras, Pandora specifically targeted the growing ecosystem of smart home devices.

The botnet was remarkably patient. It spent months building its device army, exploiting known vulnerabilities that manufacturers had failed to patch — in some cases, vulnerabilities that had been publicly disclosed for over two years.

What Devices Were Targeted?

Pandora primarily exploited three categories of devices:

| Device Type | Vulnerability | Estimated Devices Affected |
|---|---|---|
| Budget Wi-Fi Cameras | Default credentials, unpatched firmware | ~500,000 |
| Smart Plugs & Switches | Buffer overflow in MQTT protocol handling | ~400,000 |
| Older Zigbee Hubs | Zigbee network key extraction via downgrade attack | ~300,000 |

Notable: Major brand devices (Ring, Nest, Philips Hue, SmartThings) were not significantly affected. The botnet specifically targeted budget and white-label manufacturers that fail to provide timely security updates.

What Did Pandora Do?

Once infected, devices became part of the Pandora botnet and were used for three primary purposes:

  • DDoS attacks: The botnet was rented out for distributed denial-of-service attacks against commercial targets, generating traffic spikes exceeding 2.4 Tbps
  • Cryptocurrency mining: Infected devices with sufficient processing power (primarily cameras and hubs) were used to mine Monero cryptocurrency
  • Network reconnaissance: Pandora mapped home networks, cataloging all connected devices and their vulnerabilities for future exploitation

The network reconnaissance aspect is particularly concerning. By mapping home networks, the botnet operators built a detailed database of device configurations that could enable more targeted attacks in the future.

Why Older Devices Were the Primary Targets

The pattern is clear: abandoned firmware is the smart home's biggest security threat. When manufacturers stop releasing security updates — which happens routinely with budget devices within 1-2 years of launch — those devices become permanent vulnerabilities in your home network.

This is the core problem Pandora exposed: the average smart home has 15-25 connected devices, many from different manufacturers with wildly different security update commitments. Without a unified security standard, consumers have no way to know which devices are safe.

Industry Response: "Matter Secure" Certification

The Pandora botnet prompted swift industry action. The Connectivity Standards Alliance (CSA) announced the "Matter Secure" certification program, which requires:

  • Minimum 5-year security update commitment for any device bearing the Matter Secure label
  • Secure boot chain ensuring devices can only run signed, verified firmware
  • Automatic security updates enabled by default (with user option to disable)
  • Vulnerability disclosure program — manufacturers must accept and respond to security researcher reports
  • End-of-life notification — when a device approaches its update support window, the manufacturer must notify users and recommend replacements

Major manufacturers including Google, Amazon, Samsung, Apple, Signify (Philips Hue), and Ring have committed to the Matter Secure program. Devices certified under the new program will carry a distinct "Matter Secure" badge on packaging.

Regulatory Response

Pandora also accelerated regulatory action:

  • EU Cyber Resilience Act: Enforcement is now in full effect, requiring all consumer IoT devices sold in the EU to meet minimum cybersecurity standards and provide security updates for the expected product lifetime
  • U.S. IoT Security Labeling Program: The FCC's "Cyber Trust Mark" program launched in early 2026, providing consumers with a visible security rating on IoT device packaging
  • UK Product Security Regime: Now requires manufacturers to publish vulnerability disclosure policies and provide security updates

Your Action Checklist: Secure Your Smart Home Now

Immediate Actions (Do These Today)

  • Update firmware on ALL smart home devices — check each manufacturer's app
  • Change default passwords on every device, especially cameras and hubs
  • Enable two-factor authentication on smart home accounts (Ring, Nest, SmartThings, etc.)
  • Check your router's connected device list for unknown devices
  • Enable automatic firmware updates where available

Network Hardening (This Weekend)

  • Create a separate IoT network — most modern routers support guest networks or VLANs
  • Disable UPnP on your router — this prevents devices from opening ports automatically
  • Install a network scanner like Fing to monitor all connected devices
  • Review and remove any devices you no longer use from your network

Device Upgrades (Plan for Next Month)

  • Replace pre-2024 budget devices that don't receive firmware updates with Matter-certified alternatives
  • Look for the Matter Secure badge when buying new devices
  • Consider a smart home hub with built-in security monitoring (Home Assistant, SmartThings 2025+)
  • Set up router-level monitoring — tools like Firewalla or Ubiquiti Dream Machine can alert on suspicious IoT traffic
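
The device-list, segmentation and replacement items in the checklist can be worked through in one pass. The script below is an added example, not part of the original article: it reads a router lease table in dnsmasq's lease-file format and compares it with an inventory you keep by hand. The MAC addresses, the inventory entries and the 192.168.50.0/24 IoT subnet are constructed assumptions.

```python
import ipaddress

# Constructed sample in dnsmasq lease format: expiry, MAC, IP, hostname, client-id
LEASES = """\
1777700000 02:00:00:00:00:01 192.168.1.20 laptop 01:02:00:00:00:00:01
1777700000 02:00:00:00:00:02 192.168.1.31 porch-cam *
1777700000 02:00:00:00:00:03 192.168.50.12 desk-plug *
1777700000 02:00:00:00:00:04 192.168.50.13 zigbee-hub *
1777700000 02:00:00:00:00:99 192.168.1.77 * *
"""

# Constructed inventory: MAC -> (kind, purchase year, vendor still ships updates)
INVENTORY = {
    "02:00:00:00:00:01": ("laptop", 2025, True),
    "02:00:00:00:00:02": ("wifi-camera", 2022, False),
    "02:00:00:00:00:03": ("smart-plug", 2023, True),
    "02:00:00:00:00:04": ("zigbee-hub", 2025, True),
}

# The three device categories named in the article's table
IOT_KINDS = {"wifi-camera", "smart-plug", "zigbee-hub"}
# Assumed address range of the separate IoT/guest network
IOT_NET = ipaddress.ip_network("192.168.50.0/24")

def parse_leases(text):
    """Yield (mac, ip, hostname) for each well-formed lease line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            yield fields[1].lower(), ipaddress.ip_address(fields[2]), fields[3]

def audit(leases_text, inventory, iot_net=IOT_NET):
    """Return (mac, action) pairs following the checklist's rules."""
    findings = []
    for mac, ip, _host in parse_leases(leases_text):
        if mac not in inventory:
            findings.append((mac, "unknown device: identify or remove"))
            continue
        kind, year, has_updates = inventory[mac]
        if kind not in IOT_KINDS:
            continue
        if ip not in iot_net:
            findings.append((mac, "IoT device outside the IoT network"))
        if year < 2024:  # the article's cut-off for at-risk devices
            findings.append((mac, "update firmware" if has_updates else "no updates: replace"))
    return findings

if __name__ == "__main__":
    for mac, action in audit(LEASES, INVENTORY):
        print(mac, action)
```
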

Tools for Network Monitoring

| Tool | Type | Price | Best For |
|---|---|---|---|
| Fing | Network scanner app | Free / $6.99/mo Premium | Quick device inventory and monitoring |
| Firewalla | Hardware firewall | $109-299 | Comprehensive IoT traffic monitoring |
| Ubiquiti Dream Machine | Router + security | $199-499 | Pro-level network management |
| Home Assistant | Smart home platform | Free (DIY hardware) | Local device monitoring and alerts |

The Case for Upgrading to Matter-Certified Devices

The Pandora incident makes a compelling case for choosing Matter-certified devices going forward. Here's why:

  • Guaranteed security updates: Matter Secure certification requires a minimum 5-year update commitment
  • Secure boot chain: Devices can only run manufacturer-signed firmware, so malware cannot persist by replacing or modifying the firmware image
  • Standardized protocols: No exotic communication protocols with unpatched vulnerabilities
  • Ecosystem agnostic: Works with Apple, Google, Amazon, and Samsung — no lock-in

Pros & Cons: Staying Safe in the Smart Home Era

Good News

  • Matter Secure program forces manufacturer accountability
  • Regulations now require security update commitments
  • Network segmentation is easier than ever
  • Major brands (Ring, Nest, Hue) already meet high standards

Ongoing Risks

  • Millions of legacy devices still in use without updates
  • Budget manufacturers may ignore security standards
  • Consumer awareness of IoT security remains low
  • New attack vectors emerge as device count grows

The Bottom Line

The Pandora botnet is a wake-up call for every smart home owner. The good news is that the industry is responding with stronger standards and the regulatory environment is catching up. But the responsibility ultimately falls on us — the users — to keep our devices updated, segment our networks, and choose secure products. Follow the checklist above, upgrade your most vulnerable devices, and you'll be in great shape.
