Xiaomi pet food station is a favourite of hackers
Cats and other pets can be fed via the internet using "smart" pet feeding stations. It's just a shame when they get hacked and manipulated by Glünggis.
Xiaomi not only makes smartphones, but is also active in the pet business, among other things. FurryTail is the name of a pet feeding station from Xiaomi that can be controlled remotely via the internet to feed pets even when they are away. According to Russian security researcher Anna Prosvetova, she gained access to over 10,000 of these feeding stations by chance. This is reported by the blog habr. Prosvetova could have used the developer interface to change the feed rations for all stations or even cancel them altogether. It would also be possible to install custom firmware to gain permanent access to the devices and misuse them for DDoS attacks, for example.
The Twitter account Internet of Shit has long been reporting on tragicomic disasters involving devices that are unnecessarily connected to the internet. "When I started this account five years ago, I was afraid I'd run out of stuff too quickly. But there really is an unlimited supply of shit," read a tweet from early October. Pet food stations have also been a topic. The anonymous person behind the Twitter account is currently building the Internet of Shit Guide, a website that analyses and evaluates IoT products.
The Furrytail is therefore not an isolated case. Smart home products cause problems time and time again. They have insecure interfaces that are often not kept up to date with security updates. But this case is particularly bad because it could kill thousands of animals.
Update: Xiaomi says in a statement that FurryTail is not a Xiaomi product, but a device that is offered in China on numerous trading platforms, including Youpin, Xiaomi's e-commerce platform. The security specialist had not contacted Xiaomi, but the Furry team directly. <p
My interest in IT and writing landed me in tech journalism early on (2000). I want to know how we can use technology without being used. Outside of the office, I’m a keen musician who makes up for lacking talent with excessive enthusiasm.