Security Researcher Gets Access To All Xiaomi Pet Feeders Around The World

It has been reported that a security researcher accidentally found a way to hack and take over all Xiaomi pet feeders located across the world. In a series of messages published on her private Telegram channel last week, the researcher said she identified vulnerabilities in the backend API and firmware of Xiaomi FurryTail smart pet feeders. She said that while looking at a device she bought from AliExpress for only $80, she found that the API allowed her to see all other FurryTail devices active across the world. In total, she found 10,950 devices, on which the researcher claimed she could have changed feeding schedules without needing a password.


1 Expert Comment
Jonathan Knudsen, Senior Security Strategist
InfoSec Expert
October 29, 2019 7:59 am

As we come to rely on software for more and more of our lives, we have reached a point where it’s crystal clear that all software development must be secure development. Even a basic security analysis of the design of the pet feeder system would have revealed its vulnerabilities and resulted in a more robust, resilient design. For a little extra effort, the manufacturer could have saved itself the embarrassment of this story and could have better protected the safety of customers’ pets. Using a Secure Development Life Cycle fulfills the old proverb, “a stitch in time saves nine.” For a little more effort up front, you are handsomely repaid in better products, happier customers, and reduced risk.

Information Security Buzz