Pet technologies have reached new heights in sophistication and pet owners can now purchase gadgets that monitor their pet’s activities, food intake, calorie use, sleep hours and location. Some of the apps allow the owner to observe the pet, talk to it in order to comfort it in their absence, or even activate toys that entertain it through the day. However, these apps may have a hidden cost in terms of cybersecurity.
Computer scientists from Newcastle University and Royal Holloway, University of London, have evaluated the privacy and security status of 40 popular Android apps for pets, companion animals and farm animals. The team presented the results at the 2022 IEEE European Symposium on Security and Privacy Workshops conference, and published them in the Proceedings of this conference.
The researchers found that many of these apps, designed to put the minds of pet owners at ease, also put their privacy and security at risk in various ways by exposing their login or location details. The apps relate to the use of smart gadgets as diverse as cameras, water and food dispensers, GPS trackers, wearable devices that track pet activity, and toys that can be activated remotely. There are also apps and platforms that allow owners to track and manage their pets’ health records and connect with veterinary professionals.
Scott Harper is a PhD student at Newcastle University’s School of Computing and the lead author of the study. “Pet tech such as smart collars and GPS trackers for your cat or dog, is a rapidly growing industry and it brings with it new security, privacy, and safety risks to the pet owners,” said Harper. “While owners might use these apps for peace of mind about the health of their dog or where their cat is, they may not be happy to find out about the risks the apps hold for their own cybersecurity.”
Password vulnerability was one of the areas exposed by the team. They identified three applications that had the user’s login details visible in plain text within non-secure HTTP traffic. This means that anyone is able to observe the internet traffic of someone using one of these apps and will also be able to find out their login information. In addition to login information, two of the apps also showed user details, such as their location, which may enable someone to gain access to the devices and mount a cyber-attack.
Another area of concern identified in the study was the use of trackers. All but four of the applications were found to feature some form of tracking software. A tracker gathers information on the person using the application, on how they use it, or on the smartphone being used.
The scientists also warn that the apps perform very poorly in terms of notifying the user of their privacy policy. Their analysis shows that 21 of the apps are tracking the user in some way before the user even has a chance to consent to this, which violates current data protection regulations.
“We would urge anyone using these apps to take the time to ensure they are using a unique password, check the settings and ensure that they consider how much data they are sharing or willing to share,” said Harper.
“We are using modern technologies to improve several aspects of our lives. However, some of these (often) cheap technologies come at the price of our privacy, security, and safety,” said study co-author Dr. Maryam Mehrnezhad. “Animal technologies can create complex risks and harms that are not easy to recognize and address. In this interdisciplinary project, we are working on solutions to mitigate such risks and allow the animal owners to use such technologies without risk or fear.”
In a second, related study, the research team surveyed almost 600 pet owners from the UK, USA and Germany. They asked questions about the technologies used, the incidents that have occurred or that participants believe may occur, and the methods used by participants to protect their online security and privacy and whether they apply these to their pet tech.
The results show that participants do believe they are vulnerable to a range of attacks that may target their pet tech. Despite this, they take few precautions to protect themselves or their pets from the possible risks and harms of these technologies.
“We would urge those developing these technologies to increase the security of these devices and applications to reduce risk of their personal information or location being shared,” said study co-author Dr. Matt Leach.
The researchers also urge those who are using pet tech to ensure they are using a unique password, check the settings, and consider what data they are sharing. Users should be cautious about any new IoT (Internet of Things) devices they bring into their homes. They should download apps associated with animal tech from known app stores and constantly check the permissions of such apps and revoke any unnecessary permission from them. Guides such as Mozilla’s `*Privacy Not Included’ project are available to help inform consumers of the potential security and privacy risks.
—
By Alison Bosman, Earth.com Staff Writer
Check us out on EarthSnap, a free app brought to you by Eric Ralls and Earth.com.