If Garfield had one wish, it would be for a hacker to take over his food bowl and dispense copious, perhaps unlimited, portions of lasagna. Well, good news, Garfield.
Anna Prosvetova, a Russian security researcher from St. Petersburg discovered by pure chance that all Xiaomi-branded pet feeders were vulnerable to hacking. So if kitty is on a diet—and a hacker was really bored—that could become an issue.
On the backend of the software used to control the pet feeders, Prosvetova discovered vulnerabilities in the Application Programming Interface (API) and in the firmware, which provides low-level control of the hardware.
Specifically, she found this security flaw in the Xiaomi FurryTail smart pet feeders, created by Xiaomi Corp., the Beijing, China-based consumer electronics company.
Prosvetova told ZDNet that she was checking out one of her own devices. That’s when she discovered that the API let her see all other FurryTail devices across the globe. That’s 10,950 devices, to be exact.
She could have hacked into each of those smart feeding devices and changed schedules and the amount of food dispensed without a password or any other access tool.
Last week, Prosvetova notified Xiaomi of the flaw via email, she said, and the company responded by saying it would fix the gaping security hole. It’s unclear if the bug has been fixed, but at the time this story published, Popular Mechanics found AliExpress was still selling the vulnerable pet feeders.