Data theft through automatic pet feeders

As everything, including our pets, begins to take on a digital dimension, the security of our connected devices and their networks will be key to keeping both our information and our most valuable possessions safe. Kaspersky researchers studied several popular automatic pet feeders and found that some of them have vulnerabilities that allow attackers to secretly spy on victims, steal data - including camera and microphone recordings - access other devices within the same network and gain full control of the device.

In our interconnected world, devices such as pet feeders are becoming smarter with internet connectivity. Smart pet feeders dispense food on a schedule and offer remote monitoring and communication through features such as microphones, speakers and cameras. They are controlled through a mobile app, allowing for easy management and updates.

Kaspersky experts conducted a security analysis on a popular smart pet feeder available in online marketplaces. The study revealed several significant security issues, including the use of hard-coded credentials and a precarious firmware update process. If exploited by a remote attacker, these vulnerabilities could allow unauthorized code execution, modification of device settings and theft of sensitive information, including live video streams sent to the cloud server. Such vulnerabilities could potentially turn the pet feeder into a surveillance tool, compromising user privacy and security.

The smart feeder under study is compatible with voice assistants, allowing users to control it using voice commands. However, there is a critical security flaw in its configuration. The MQTT broker's username and password are encoded in the executable, making them the same for all devices of the same model. This vulnerability poses a significant risk because an attacker who gains control of a feeder can exploit it to launch subsequent attacks on other devices in the network. The attacker can intercept and manipulate the commands, potentially taking full control of the device.

Finally, a breach of feeding schedules could compromise the pet's health and add additional financial and emotional burden to the owner.

To keep all smart devices, safe and secure, Kaspersky experts advise:

• Keep your devices up to date: Regularly update the firmware and software of all your connected devices, including smart pet feeders. These updates often contain important security code updates that address known vulnerabilities.
• Conduct market research: before purchasing a smart pet feeder or any connected device, research the manufacturer's reputation for security and privacy. Choose devices from trusted brands that prioritize security and provide regular updates.
  
• Be careful with app licenses: Check and limit the licenses granted to mobile apps related to your smart pet feeder. Provide only necessary access to features and data and avoid granting excessive privileges.
• Use security solutions: A reliable security solution would also be very helpful in securing and protecting the entire smart home ecosystem