In May, Xiaomi introduced the Furrytail Pet Smart Feeder “smart” cat and dog feeder. And one of these days alone
How did it happen
Anna Prosvetova, the author of the Telegram channel “I was forced to create a channel”, said that she broke into the feeders by chance while studying the API of her device.
“Now I continued to study their API and by chancegot access to all the feeders of this model in the world. I have logs running on the screen from all existing feeders, I see data on the Wi-Fi networks of poor Chinese who bought these devices for themselves. I can suddenly feed all the cats and dogs a couple of clicks, but I can deprive them of food, by deleting schedules from devices. I see how much food everyone has in the bowl now, ”Anna wrote.
As a result, she gained access to 10,950 feeders.
“You can remotely send a request to the feeder withWith a link to the firmware, the controller will download it, install and reboot. In theory, you can force the feeders to upgrade to a dummy firmware, after which the device will die completely, and the only way to fix it will be a complete analysis, soldering to the controller pins and manually filling in the firmware. Tell that to the cats and dogs that are now eating at home from this thing and are waiting for their owners from a two-week vacation, ”the hacker said.
She immediately contacted the developers andinformed them of the discovered vulnerability. Xiaomi representatives thanked Anna and promised to deal with the problem. True, no reward was given for this.
The woman did not take out the feeders, so not a single cat or dog remained hungry.
Do you know that
The most popular Xiaomi products on Aliexpress are:
- 19-in-1 electric screwdriver for easy handling with small parts
- magnetic pad for the very screwdriver
- automatic soap dispenser with frother
- control center smart home Xiaomi
- AirPods Killer - Xiaomi AirDots