Security Vulnerability Discovered in Xiaomi Pet Feeders

  •  
  •  
  •  
  • 1
  • 1
  •  
  •  
    2
    Shares

While each passing day makes the internet-of-things more popular, it also makes it more likely to exhibit security bugs. Earlier this year, we reported on vulnerabilities within Xiaomi electric scooters that could allow hacking the scooters remotely. Once again, a similar incident has surfaced online. Recently, a hacker discovered a way to take over thousands of Xiaomi Pet Feeders due to a vulnerability.

Vulnerability In Xiaomi Pet Feeders

A security researcher has found a serious vulnerability in Xiaomi pet feeders. She noticed that exploiting the bug could allow her to hack thousands of other smart feeders.

The Russian researcher Anna Prosvetova shared her findings in a series of messages on her Telegram channel. As elaborated by ZDNet, she discovered a vulnerability in the backend API and firmware of Xiaomi FurryTail smart feeders.

While the gadgets should feed pet cats and dogs using smart technology, the bug could let a potential attacker leave the poor pets deprived of food.

Prosvetova found this vulnerability when she bought one such smart feeder for her pet. She then noticed that the device available on AliExpress for around $80 had a serious glitch in the API that could allow her to view and access all other Xiaomi FurryTail feeders around the world. Specifically, she found 10,950 devices vulnerable to hacks.

Furthermore, she also observed that the ESP8266 chipset in the device meant for WiFi connectivity also exhibited a vulnerability. Exploiting this flaw could allow the attackers to install new firmware on the target devices.

She even feared that such vulnerabilities could allow criminals to facilitate the feeders into an IoT DDoS botnet.

Company Promised A Fix

Upon discovering the vulnerabilities, the researcher contacted Xiaomi officials to report the matter. She received a response from the firm acknowledging the bug. However, after a week, things remain unclear whether anything has been done regarding the matter.

The researcher has refrained from sharing exact details about the vulnerabilities for now.

Recently, a researcher has also highlighted vulnerabilities in the robots at a Japanese hotel that could allow spying on the customers. Following the report, the Japanese hotel updated the robots.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!