Pet tech creating cybersecurity risks, research finds
Pet and animal-related apps are creating cybersecurity risks, new research has shown.
Computer scientists at Newcastle University and Royal Holloway, University of London have exposed multiple security and privacy issues by evaluating 40 popular Android apps for pets and other companion animals. The results show that several of these apps are putting their users at risk by exposing their login or location details.
Password vulnerability was one of the areas exposed by the team. They identified three applications that had the user’s login details visible in plain text within non-secure HTTP traffic. This means that anyone is able to observe the internet traffic of someone using one of these apps and will be able to find out their login information.
In addition, two of the apps also showed user details, such as their location, that may enable someone to gain access to their devices and risk a cyber-attack.
Another area of concern identified in the study was the use of trackers. All but four of the applications were found to feature some form of tracking software. A tracker gathers information on the person using the application, on how they use it, or on the smartphone being used.
The scientists also warn that the apps perform very poorly in terms of notifying the user of their privacy policy. Their analysis shows that 21 of the apps are tracking the user in some way before the user even has a chance to consent to this, violating current data protection regulations.
Scott Harper, a PhD student at Newcastle University’s School of Computing and the lead author of the study, said: “Pet tech such as smart collars and GPS trackers for your cat or dog, is a rapidly growing industry and it brings with it new security, privacy, and safety risks to the pet owners.
“While owners might use these apps for peace of mind about the health of their dog or where their cat is, they may not be happy to find out about the risks the apps hold for their own cybersecurity.
“We would urge anyone using these apps to take the time to ensure they are using a unique password, check the settings and ensure that they consider how much data they are sharing or willing to share.”
Co-author Dr Maryam Mehrnezhad, from the Department of Information Security at Royal Holloway, University of London, added: “Animal technologies can create complex risks and harms that are not easy to recognise and address. In this interdisciplinary project, we are working on solutions to mitigate such risks an allow the animal owners to use such technologies without risk or fear.”
A second study by the research team surveyed almost 600 participants from the UK, the US, and Germany. The researchers asked questions about the technologies used, incidents that have occurred or participants believe may occur, and the methods used by participants to protect their online security and privacy and whether they apply these to their pet tech.
Tthe findings show that participants do believe that a range of attacks may occur targeting their pet tech. Despite this, they take few precautions to protect themselves and their pets from the possible risks and harms of these technologies.
The researchers urge those who are using pet tech, to ensure they are using a unique password only for that app, check the settings and consider what data they are sharing. Users should be cautious about any new IoT devices they bring into their home. They should download apps associated with animal tech from known app stores and constantly check the permissions of such apps and revoke any unnecessary permission from them.