An Interest In:
Web News this Week
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
October 26, 2019 01:20 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XE33NP7EsNY/security-researcher-gets-access-to-thousands-of-automatic-pet-feeders-by-xiaomi
Security Researcher Gets Access To Thousands of Automatic Pet Feeders By Xiaomi
New submitter arkamax writes: A security researcher based in Russia discovered that her research (article in Russian, Google Translate) into API for a new automatic pet feeder manufactured by Xiaomi resulted in obtaining full control of approximately 10,950 of similar devices across the world. She found ways to access logs of those pet feeders, change their settings, invoke manual feeding or completely delete all feeding schedules. She mentioned that the feeder is based on a widely known ESP8266 embedded board, adding that "apparently one could send a remote request to the feeder to download a firmware update. An evil person could use that to reboot those devices and brick them afterwards. The only way to fix it would involve mechanical disassembly and a manual firmware update that requires connecting directly to the board. Explain THAT to poor kitties and puppies who eagerly wait for their owners to come back from a two-week vacation." She then added that the "whole architecture is one epic fail and it's hard to imagine a speedy fix." The researcher chose to stick to the responsible disclosure guidelines and declined to disclose any details until the issues are fixed. Since then, the manufacturer was reported to have fixed a few critical issues but the bulk of the vulnerability still remains. Looks like S in "IoT" remains to stand for Security.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/XE33NP7EsNY/security-researcher-gets-access-to-thousands-of-automatic-pet-feeders-by-xiaomi
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot