Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack


A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Last week, Prosvetova revealed on her private Telegram channel (@theyforcedme) that she had discovered the flaw in the Xiaomi FurryTail pet feeders.

“While studying the feeder API, I discovered some records that run on the screen of any of these devices, as well as data on the WiFi networks of the people who bought them,” explained the expert. “After a couple of clicks I was able to feed any dog or cat, although it also has a malicious use, as it is possible to delete the schedules programmed by the user, which would leave the pets without food.”

Xiaomi FurryTail pet feeders are smart pet food dispensers that can be controlled via a mobile app to release certain quantities of food at specific times of the day.

Prosvetova bought a Xiaomi FurryTail pet feeder from AliExpress for $80 and, while testing the API implemented by the device, she was able to find 10,950 active devices worldwide.

The researcher explained that the devices were exposed online without authentication and that she was able to change feeding schedules. The expert also discovered that the devices use the Wi-Fi ESP8266 chipset, which is affected by a flaw that could be exploited by an attacker to download and install new firmware and reboot Xiaomi FurryTail pet feeders.

Attackers could abuse the issue to carry out various malicious activities, including DoS and DDoS attacks.

“At first she only found 800 of these devices online, although soon after this figure increased to 6,500, to finish its count in almost 11 thousand feeders. Fortunately, Prosvetova claims that she would be unable to use these devices to negatively impact any cat or dog,” reads the post published by SecurityNewspaper.

“According to cybersecurity experts, this flaw exists because these devices have an ESP8266 driver, which allows the installation of a fake firmware to compromise their security and perform other activities, such as formatting, botnet integration, among others.”

The researcher notified Xiaomi of the security vulnerabilities she discovered; the company acknowledged them and announced it will fix the issue as soon as possible.

Pierluigi Paganini

(SecurityAffairs – Xiaomi FURRYTAIL, hacking)
