Russian woman accidentally hacked thousands of Xiaomi animal feeders around the world

In May, Xiaomi introduced the Furrytail Pet Smart Feeder “smart” cat and dog feeder. And one of these days alone

of the users found a vulnerability in it, and discovered this by accident.

How did it happen

Anna Prosvetova, the author of the Telegram channel “I was forced to create a channel”, said that she broke into the feeders by chance while studying the API of her device.

“Now I continued to study their API and by chancegot access to all the feeders of this model in the world. I have logs running on the screen from all existing feeders, I see data on the Wi-Fi networks of poor Chinese who bought these devices for themselves. I can suddenly feed all the cats and dogs a couple of clicks, but I can deprive them of food, by deleting schedules from devices. I see how much food everyone has in the bowl now, ”Anna wrote.

As a result, she gained access to 10,950 feeders.

“You can remotely send a request to the feeder withWith a link to the firmware, the controller will download it, install and reboot. In theory, you can force the feeders to upgrade to a dummy firmware, after which the device will die completely, and the only way to fix it will be a complete analysis, soldering to the controller pins and manually filling in the firmware. Tell that to the cats and dogs that are now eating at home from this thing and are waiting for their owners from a two-week vacation, ”the hacker said.

She immediately contacted the developers andinformed them of the discovered vulnerability. Xiaomi representatives thanked Anna and promised to deal with the problem. True, no reward was given for this.

The woman did not take out the feeders, so not a single cat or dog remained hungry.

</ img>