How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for 'legacy compatibility' two months later.
I never understood why people would buy their products with an internet connection. They sell perfectly fine dump-automatic-feeders where you can configure everything with the controls on the device itself. Have a 5l dual-feeder (did cost me 100 bucks) which usually lasts for more than a week, perfect to leave the cats alone for a weekend away. Combined with automated waste disposal the only thing you need to do (other than maintaining the machines from time to time) is pet and cuddle with them.
Unfortunately I don’t know of any brands that sell non-IoT dry food feeders that have RFID/microchip recognition. My kitties are geriatric and require different prescription foods. Fortunately I bought a model that doesn’t have mic/camera, they’re on an isolated network, and I have network wide ad/tracker blocking. But I’d be open to alternatives if you know of any.