Woburn, MA – June 20,
2023 – Kaspersky
researchers have released results from a study of security issues in a popular smart pet feeder. The research uncovered vulnerabilities that allow attackers to
secretly spy on victims, access other devices within the same network, gain
full control over the device, and steal data, including camera and microphone
recordings.
In recent years, various household devices have smarter by connecting to the internet. Smart pet feeders generally dispense food based on a schedule and offer remote monitoring and communication through features like microphones, speakers, and cameras. They are controlled through a mobile app, enabling easy management and updates.
Kaspersky experts conducted a security analysis on a popular smart pet feeder available in online marketplaces. The study uncovered several significant security issues, including the use of hard-coded credentials and an insecure firmware update process. If exploited by a remote attacker, these vulnerabilities could enable unauthorized execution of code, modification of device settings, and the theft of sensitive information, including live video feeds sent to the cloud server. Such weaknesses could potentially transform the pet feeder into a surveillance tool, compromising user privacy and security.
The smart pet feeder under analysis is compatible with voice assistants, allowing users to control it using voice commands. However, a critical security flaw is present in its setup. The MQTT broker's username and password are hard-coded in the executable file, making them identical for all devices of the same model. This vulnerability poses a significant risk, because an attacker who gains control of one feeder can exploit it to launch subsequent attacks on other devices in the network. Once compromised, the attacker can intercept and manipulate commands, potentially assuming full control over the device.
The researchers also noted that tampering with the feeding schedules could endanger the pet’s health and add an extra financial and emotional burden on the owner.
“As our lives become more entwined with smart devices, attackers are seizing the opportunity to exploit the weakest links in our interconnected ecosystem,” Roland Sako, security expert at Kaspersky. “It is essential that we recognize the potential risks posed by unexpected devices and maintain a constant state of vigilance. By staying informed, practicing good cybersecurity hygiene, and fostering a collective responsibility for security, we can thwart the advances of attackers and preserve the integrity of our interconnected world.”
Kaspersky has reported all vulnerabilities found to the vendor.
Learn more about the weakness of smart pet feeders on Securelist.com.
To keep all smart devices, secure and protected, Kaspersky experts compiled the following tips:
· Keep your devices updated: Regularly update the firmware and software of all your connected devices, including smart pet feeders. These updates often contain crucial security patches that address known vulnerabilities.
· Research before purchase: Before buying a smart pet feeder or any connected device, research the manufacturer's reputation for security and privacy. Choose devices from reputable brands that prioritize security and provide regular updates.
· Be cautious with app permissions: Review and limit the permissions granted to mobile apps associated with your smart pet feeder. Only provide necessary access to features and data, and avoid granting excessive privileges.
· Use a reliable security solution, which can be very helpful in securing and protecting the entire smart home ecosystem.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Media Contact
Sawyer Van Horn
sawyer.vanhorn@Kaspersky.com
(781) 503-1866
