Security Vulnerability Discovered in Xiaomi Pet Feeders

As the Internet of Things grows more popular with each passing day, security bugs in such devices are also becoming more likely. Earlier this year, we reported on vulnerabilities in Xiaomi electric scooters that could allow the scooters to be hacked remotely. Now a similar incident has surfaced online: a hacker recently discovered a vulnerability that makes it possible to take over thousands of Xiaomi pet feeders.

Vulnerability In Xiaomi Pet Feeders

A security researcher has found a serious vulnerability in Xiaomi pet feeders. She noticed that exploiting the bug could allow her to hack thousands of other smart feeders.

The Russian researcher Anna Prosvetova shared her findings in a series of messages on her Telegram channel. As elaborated by ZDNet, she discovered a vulnerability in the backend API and firmware of Xiaomi FurryTail smart feeders.

While the gadgets should feed pet cats and dogs using smart technology, the bug could let a potential attacker leave the poor pets deprived of food.

Prosvetova found this vulnerability when she bought one such smart feeder for her pet. She then noticed that the device, available on AliExpress for around $80, had a serious glitch in the API that could allow her to view and access all other Xiaomi FurryTail feeders around the world. Specifically, she found 10,950 devices vulnerable to hacks.

She also observed that the ESP8266 chipset, which provides the device's WiFi connectivity, exhibited a vulnerability of its own. Exploiting this flaw could allow attackers to install new firmware on the target devices.

She even feared that such vulnerabilities could allow criminals to rope the feeders into an IoT DDoS botnet.

Company Promised A Fix

Upon discovering the vulnerabilities, the researcher contacted Xiaomi officials to report the matter. She received a response from the firm acknowledging the bug. However, a week later, it remains unclear whether anything has been done about it.

The researcher has refrained from sharing exact details about the vulnerabilities for now.

A researcher also recently highlighted vulnerabilities in the robots at a Japanese hotel that could allow spying on the customers. Following the report, the hotel updated the robots.
