Security assessment of the Furbo pet camera: DES-encrypted password and 17 issues found. 👨🏻💻🔬📷🐺🐱
Security researcher Julian B shares his research on the Furbo 360 interactive pet camera in a series of posts. The author conducted a full-spectrum security assessment, analyzing hardware, firmware, mobile app logic, BLE, cloud integrations, and backend messaging systems.
The strongest part of this research is its coverage: every aspect of the device architecture was reviewed, all the interfaces were examined and tested, and the findings were presented.
If you plan to do security research and are looking for an example of how to write it up, this is the way :)
Enjoy the read, happy learning, and please share with colleagues and others who want to learn hardware hacking!
More details:
Hacking Furbo - A Hardware Research Project
Part 1: Acquiring the Hardware [Blog]: https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-1-acquiring-the-hardware
Part 2: Mobile and P2P Exploits [Blog]: https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-2-mobile-and-p2p-exploits
Part 3: Chip Off and Persistence [Blog]: https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-3-chip-off-and-persistence
Part 4: Debugging, DeviceIDs, and Dev Tools [Blog]: https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-4-debugging-deviceids-and-dev-tools
Part 5: Exploiting BLE [Blog]: https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-5-exploiting-ble
Part 6: The Finale [Blog]: https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-6-the-finale