So much for things like this were only happening in the movies, Now it is getting real.
Xiaomi’s Furrytail smart pet food station can automatically feed pets at certain times, such as when the pet owner is away from home. The devices are however badly secured. By accident, Russian security researcher Anna Prosvetova found that she had access to over 10,000 furrytail devices. In addition to the feed rations, the security researcher could also have changed the firmware of the devices. Although the feed station Furrytail comes from the same manufacturer, it is sold under the brand Xiaomi. First it was reported in the Russian blog Habr.
The approximately $ 80 Furrytail feeding station is suitable for dogs and cats. You can set the amount of feed and times per app. Through the device API, Prosvetova was able to see 10,950 active furrytails worldwide. She could have fed the pets of the app owners at the touch of a button or could change the feed rations, said the security researcher. A password would not have needed it. In addition, it would be possible to play a modified firmware on the devices and thus take over permanently. These can then be misused for example for DDoS attacks.
The security researcher initially did not want to post more details about the vulnerabilities to give the manufacturer the ability to shut them down. She reported the gaps about a week ago. According to an e-mail published by Prosvetova, Furrytail has announced an update. However, the security researcher does not receive a bug bounty, the e-mail states. So far, the manufacturer has not set up a corresponding program.
One thing is interesting here that Xiaomi as the manufacturer of the Furrytail, the feed station is indeed sold under the brand Xiaomi, but the device is manufactured by Furrytail. Xiaomi said: “The smart animal feed station Furrytail does not belong to Xiaomis product plate, but comes from a third party manufacturer”. The security researcher had also turned not to Xiaomi, but to the furrytail manufacturer. Xiaomi has been operating a bug bounty program since 2013.
Latest posts by Amram David (see all)
- Secret Methods of Applying Text Analytics ( AI and Machine Learning Application ) - November 13, 2019
- Must Have Marketing Skills to Survive in The Age of AI - November 12, 2019
- Cutting Edge Technologies That Will Change Marketing Industry Forever - November 8, 2019