Two security flaws have been discovered in popular smart pet feeders that could lead to data theft and privacy invasion.
According to cybersecurity experts at Kaspersky, the first of these vulnerabilities relates to certain smart pet feeders using hard-coded credentials for MQTT (Message Queuing Telemetry Transport), a messaging protocol designed for communication between devices over networks with limited bandwidth or unreliable connections.
Exploiting this flaw, hackers could execute unauthorized code and gain control of one feeder to launch subsequent attacks on other network devices. They could also tamper with the feeding schedules, potentially endangering the pet’s health and adding an extra financial and emotional burden on the owner.
The second vulnerability is related to an insecure firmware update process. This could lead to unauthorized code execution, modification of device settings and the theft of sensitive information, including live video feeds sent to the cloud server.
“As our lives become more entwined with smart devices, attackers are seizing the opportunity to exploit the weakest links in our interconnected ecosystem,” commented Roland Saco, a security expert at Kaspersky.
According to the cybersecurity professional, organizations must acknowledge the potential hazards of smart devices and remain consistently vigilant.
“By staying informed, practicing good cybersecurity hygiene, and fostering a collective responsibility for security, we can thwart the advances of attackers and preserve the integrity of our interconnected world,” Saco added.
Kaspersky did not name the pet feeder manufacturer for security reasons but said it promptly reported the vulnerabilities to the company. It also emphasized the importance of keeping all smart devices updated with the latest firmware and software patches.
More generally, users are advised to research manufacturers’ security reputations, review app permissions and consider deploying reliable security solutions to safeguard their smart home ecosystems.
The Kaspersky report comes weeks after Palo Alto Networks threat researchers unveiled information regarding a new Mirai variant targeting Internet of Things (IoT) devices based on the Linux OS.