A bowl full of security issues: Unveiling the theft of personal data from smart pet feeders
By Staff Writer 3 July 2023 | Categories: newsIt appears that some pet feeders have an unexpected bite. Smart pet feeders, which dispense food based on a schedule and offer remote monitoring and communication through features like microphones, speakers, and cameras, can be undeniably convenient, especially for busy pet owners. They are controlled through a mobile app, enabling easy management and updates.
But Kaspersky researchers have examined several popular smart pet feeders available on online marketplaces and have discovered that some of them have vulnerabilities, allowing to secretly spy on victims, steal data including camera and microphone recordings, gain access to other devices within the same network, and gain full control over the device.
A Kaspersky study has uncovered several significant security issues with pet feeders, including the utilisation of hard-coded credentials and an insecure firmware update process. If exploited by a remote attacker, these vulnerabilities could enable unauthorised execution of code, modification of device settings, and theft of sensitive information, including live video feeds sent to the cloud server. Such weaknesses could potentially transform the pet feeder into a surveillance tool, compromising user privacy and security.
The smart pet feeder under analysis is compatible with voice assistants, allowing users to control it using voice commands. However, a critical security flaw is present in its setup. The MQTT broker's username and password are hardcoded into the executable, making them identical for all devices of the same model. This vulnerability exposes a considerable risk, as an attacker who gains control of one feeder can exploit it to launch subsequent attacks on other network devices. Once compromised, the attacker can intercept and manipulate commands, potentially assuming full control over the device.
Finally, tampering with the feeding schedules could endanger the pet’s health and add an extra financial and emotional strain.
“As our lives become more entwined with smart devices, attackers are seizing the opportunity to exploit the weakest links in our interconnected ecosystem. It is essential that we recognise the potential risks posed by unexpected devices and maintain a constant state of vigilance. By staying informed, practicing good cybersecurity hygiene, and fostering a collective responsibility for security, we can thwart the advances of attackers and preserve the integrity of our interconnected world,” comments Roland Saco, security expert at Kaspersky.
The Kaspersky team has reported all vulnerabilities found to the vendor.
To keep all smart devices secure and protected, Kaspersky experts compiled the following tips:
- Keep your devices updated: Regularly update the firmware and software of all your connected devices, including smart pet feeders. These updates often contain crucial security patches that address known vulnerabilities.
- Research before purchase: Before buying a smart pet feeder or any connected device, research the manufacturer's reputation for security and privacy. Choose devices from reputable brands that prioritise security and provide regular updates.
- Be cautious with app permissions: Review and limit the permissions granted to mobile apps associated with your smart pet feeder. Only provide necessary access to features and data - and avoid granting excessive privileges.
- Use security solution solutions: A reliable security solution would also be very helpful in securing and protecting the entire smart home ecosystem.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?