Two security flaws have been discovered in a popular smart pet feeder that could lead to data theft and privacy violations.
According to Kaspersky cybersecurity experts, the first of these vulnerabilities relates to certain smart pet feeders that use hardcoded credentials for MQTT (Message Queuing Telemetry Transport), a messaging protocol designed for communication between devices over networks with limited bandwidth or unreliable connections.
By exploiting this flaw, a hacker could execute malicious code to take control of one feeder and launch subsequent attacks against other network devices. The attacker could also alter feeding schedules, putting a pet’s health at risk and adding a financial and emotional burden for owners.
The second vulnerability is related to an insecure firmware update process. This can lead to the execution of malicious code, modification of device settings, and theft of sensitive information such as live video feeds sent to cloud servers.
“As our lives become more closely linked to smart devices, attackers are seizing the opportunity to exploit the weakest link in our interconnected ecosystem,” said Roland Sacco, security expert at Kaspersky Lab.
Cybersecurity experts say organizations need to be aware of the potential dangers of smart devices and stay vigilant.
“By staying informed, practicing good cybersecurity hygiene, and promoting collective responsibility for security, we can thwart attacker progress and maintain the integrity of our interconnected world,” added Sacco.
Kaspersky did not name the pet feeder maker for security reasons, but said it immediately reported the vulnerability to the company, and stressed the importance of keeping all smart devices updated with the latest firmware and software patches.
More generally, users are advised to research manufacturers’ security reputations, review app permissions, and consider adopting trusted security solutions to protect their smart home ecosystem.
Kaspersky’s report comes a few weeks after Palo Alto Networks threat researchers released information about a new Mirai variant targeting Linux-based Internet of Things (IoT) devices.