Sources Contact Advanced Search Tutorials

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

October 26, 2019 01:20 am

Security Researcher Gets Access To Thousands of Automatic Pet Feeders By Xiaomi

New submitter arkamax writes: A security researcher based in Russia discovered that her research (article in Russian, Google Translate) into API for a new automatic pet feeder manufactured by Xiaomi resulted in obtaining full control of approximately 10,950 of similar devices across the world. She found ways to access logs of those pet feeders, change their settings, invoke manual feeding or completely delete all feeding schedules. She mentioned that the feeder is based on a widely known ESP8266 embedded board, adding that "apparently one could send a remote request to the feeder to download a firmware update. An evil person could use that to reboot those devices and brick them afterwards. The only way to fix it would involve mechanical disassembly and a manual firmware update that requires connecting directly to the board. Explain THAT to poor kitties and puppies who eagerly wait for their owners to come back from a two-week vacation." She then added that the "whole architecture is one epic fail and it's hard to imagine a speedy fix." The researcher chose to stick to the responsible disclosure guidelines and declined to disclose any details until the issues are fixed. Since then, the manufacturer was reported to have fixed a few critical issues but the bulk of the vulnerability still remains. Looks like S in "IoT" remains to stand for Security.

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot