As everything, including our pets, begin to take on a digital element, securing connected devices and their networks will be key to keeping, not just our information, but also our most prized possessions secure. Kaspersky researchers have examined several popular smart pet feeders and discovered that some of them have vulnerabilities, allowing user to secretly spy on victims, steal data including camera and microphone recoding, gain access to other devices within the same network, and gain full control over the device.
In our interconnected world, devices like pet feeders are getting smarter by connecting to the internet. Smart pet feeders dispense food based on a schedule and offer remote monitoring and communication through features like microphones, speakers, and cameras. They are controlled through a mobile app, enabling easy management and updates.
Kaspersky experts conducted a security analysis on a popular smart pet feeder available in online marketplaces. The study uncovered several significant security issues, including the utilization of hard-coded credentials and an insecure firmware update process. If exploited by a remote attacker, these vulnerabilities could enable unauthorized execution of code, modification of device settings, and the theft of sensitive information, including live video feeds sent to the cloud server. Such weaknesses could potentially transform the pet feeder into a surveillance tool, compromising user privacy and security.
The smart pet feeder under analysis is compatible with voice assistants, allowing users to control it using voice commands. However, a critical security flaw is present in its setup. The MQTT broker’s username and password are hardcoded into the executable, making them identical for all devices of the same model. This vulnerability exposes a considerable risk, as an attacker who gains control of one feeder can exploit it to launch subsequent attacks on other network devices. Once compromised, the attacker can intercept and manipulate commands, potentially assuming full control over the device.
Finally, tampering with the feeding schedules could endanger the pet’s health and add an extra financial and emotional burden on the owner.
‘As our lives become more entwined with smart devices, attackers are seizing the opportunity to exploit the weakest links in our interconnected ecosystem. It is essential that we recognize the potential risks posed by unexpected devices and maintain a constant state of vigilance. By staying informed, practicing good cybersecurity hygiene, and fostering a collective responsibility for security, we can thwart the advances of attackers and preserve the integrity of our interconnected world,’ comments Roland Saco, security expert at Kaspersky.
