This girl hacked 11,000 dogs and cats smart feeders
Cybersecurity incidents can affect many aspects of our lives, including issues related to our pets. A few months ago, Xiaomi, in collaboration with the company Furrytail, launched a crowd funding project consisting of an Internet-connected pet feeder controlled through an app, which was sold on Youpin, Xiaomi’s official store.
Anna Prosvetova, a well-known Russian hacker,
claims to have hacked thousands of Furrytail Pet Smart Feeder devices,
accessing any data related to its use. The hacker states that it is even
possible to manipulate the operation of the device remotely.
According to cybersecurity experts, this device
is basically an internet-connected food depot capable of feeding pets when
their master is away from home, setting schedules to deliver a previously determined
food load. The project had a more than acceptable response in the fundraising
process, so it was launched almost immediately and released earlier this year.
Prosvetova, through her Telegram
channel (@theyforcedme), claims that she discovered how to hack these devices
accidentally: “While studying the feeder API, I discovered some records
that run on the screen of any of these devices, as well as data on the WiFi
networks of the people who bought them. After a couple of clicks I was able to
feed any dog or cat, although it also has a malicious use, as it is possible to
delete the schedules programmed by the user, which would leave the pets without
food.”
At first she only found 800 of these devices
online, although soon after this figure increased to 6, 500, to finish its
count in almost 11 thousand feeders. Fortunately, Prosvetova claims that she
would be unable to use these devices to negatively impact any cat or dog.
According to cybersecurity experts, this flaw
exists because these devices have an ESP8266 driver, which allows the
installation of a fake firmware to compromise their security and perform other
activities, such as formatting, botnet integration, among others .
The hacker has already reported this flaw to
the manufacturers of the smart food dispenser, which announced that a security
patch will be added to the app to restrict this access point. As a security
measure, International Institute of Cyber Security (IICS) specialists recommend
users disconnect these devices from the Internet, at least until the company
announces that updates are already available.
Gloss