Backend API and firmware vulnerabilities in the Xiaomi FurryTail Smart Pet Feeder


A Russian security researcher said that she accidentally found a way to take over all *** and Xiaomi pet feeders around the world.
Security researcher Anna Prosvetova, from St. Petersburg, Russia, said last week in a series of messages posted on her private Telegram channel that she had found vulnerabilities in the backend API and firmware of the Xiaomi FurryTail Smart Pet Feeder.

These are smart pet food containers that can be configured through a mobile application to release a small amount of food at specific times of day.

Xiaomi FurryTail feeders are designed for cats and dogs, and are often used when owners leave their pets alone in a house or apartment during a long trip.

The researcher found 10,950 FurryTail feeders
Prosvetova said that when she looked at the device, which she had purchased herself (US $80), she found an API that let her see all other active FurryTail devices around the world.

She found a total of 10,950 devices, and claimed that she could change their feeding schedules without needing a password.

In addition, she found that the devices use the ESP8266 chipset for their WiFi connection. She said that this chipset could allow *** to download and install new firmware and then restart the feeder, so that the changes persist.

Prosvetova said that the vulnerability can easily be automated, which makes it ideal for *** who want to hijack pet feeders into an IoT DDoS botnet, because the whole process can be carried out on a large scale.

Xiaomi notified last week
The researcher contacted Xiaomi by e-mail last week and notified the Chinese vendor of the security vulnerabilities she had found. In a subsequent message posted on her Telegram channel, she released a screenshot of the vendor's response, which acknowledged the error and promised to fix it.

A Xiaomi spokesperson did not reply to an email requesting more information about the patch.


It is not clear whether the fix has been deployed, but Prosvetova has refrained from publishing the exact details of the errors she discovered, so that the vendor has more time to solve the problem. Xiaomi representatives also told the researcher that she did not qualify for a vulnerability bounty, because the company does not run a Vulnerability Reward Program (VRP) as most large technology companies do.

Origin blog.51cto.com/14530594/2459150