In May, Xiaomi introduced a smart feeder for cats and dogs, Furrytail Pet Smart Feeder. And the other day alone
How did it happen
Anna Prosvetova, author of the Telegram channel “I was forced to create a channel,” said that she hacked the feeders by accident while studying the API of her device.
“Now I continued to study their API and by chancegot access to all the feeders of this model in the world. I have logs running on my screen from all existing feeders, I see data on the Wi-Fi networks of the poor Chinese who bought these devices for themselves. With a couple of clicks I can suddenly feed all the cats and dogs, or, on the contrary, I can deprive them of food by deleting schedules from their devices. I see how much food is in someone’s bowl right now,” Anna wrote.
As a result, she gained access to 10,950 feeders.
“You can remotely send a request to the feederwith a link to the firmware, the controller will download it, install it and reboot. In theory, you can force the feeders to update to dummy firmware, after which the device will die completely, and the only way to fix it will be complete disassembly, soldering to the controller pins and manually updating the firmware. Tell this to the cats and dogs who are now eating from this thing at home and are waiting for their owners from their two-week vacation,” noted the “hacker.”
She immediately contacted the developersand informed them about the discovered vulnerability. Xiaomi representatives thanked Anna and promised to sort out the problem. True, no reward was given for this.
The woman did not disable the feeders, so not a single cat or dog was left hungry.
</ img>
Do you know that
The most popular Xiaomi products on Aliexpress are:
- 19-in-1 electric screwdriver for easy handling with small parts
- magnetic pad for the very screwdriver
- automatic soap dispenser with frother
- control center smart home Xiaomi
- AirPods killer – Xiaomi AirDots