NEWCASTLE UPON TYNE, United Kingdom — You might want to avoid sharing your deepest secrets around your pets — they could be leaking the info to hackers! A new study warns that oblivious pet owners may be exposing their personal location and login details on “vulnerable” apps many people use to track their furry companions. Researchers from two renowned British universities explain that many pet tech apps leave users’ personal data easily accessible, and their devices open to cyberattacks.
The analysis shockingly reveals that more than half of the apps (21 of 40) began tracking the user before they even gave their consent, which violates data protection regulations. Password vulnerability was one of the most vulnerable areas of animal apps, as well as the locations of someone’s cats and dogs on apps which track them.
The study’s authors warn that with the widespread use of devices such as smart collars, tracking apps, automatic feeders, and cameras for our beloved family pets comes a multitude of potential security risks which pet owners should not ignore. The research, led by scientists from Newcastle University and Royal Holloway, University of London, studied 40 popular android apps used for pets, companion animals, and farm animals.
What kind of pet tech could be leaking data?
Pet tech, which applies technology to improve the health, well-being, and overall quality of life of pets, is a fast-growing industry with hundreds of new futuristic products introduced each year. Such products include wearable devices monitoring pets’ activity, heart rates and sleep, smart feeding systems which dispense food on schedules or in response to an animal’s behavior, and apps which allow owners to manage the health records of their pets and connect with veterinary professionals.
The authors say they exposed security and privacy issues on several of the apps, which put users at risk by exposing their locations or login details. Across the apps, passwords proved to be one of the most easily accessible assets of information.
The research team found that three of the apps had users’ login details visible in plain text within HTTP traffic – information which passes between a device and the internet – which is not secure. This means anyone watching the internet traffic of someone using these apps can readily find out their login details.
The researchers also found that two of the 40 apps also displayed users’ information, such as their location, which left their devices open and at risk of cyberattacks. The study, first presented at the 2022 IEEE European Symposium on Security and Privacy Workshops conference, identified trackers as another huge area of concern.
All but four out of the 40 pet-tech apps had some form of tracking software, which gathers information on the person using the software, how it is being used, or the device the app is linked to. Additionally, the scientists warn that these apps do a poor job of informing users of their privacy policies. The authors of the study encourage pet owners to check how much they are agreeing to share prior to signing up for pet tech apps.
“Pet tech such as smart collars and GPS trackers for your cat or dog, is a rapidly growing industry and it brings with it new security, privacy, and safety risks to the pet owners,” says lead study author Scott Harper, a PhD student at Newcastle University’s School of Computing, in a media release.
“While owners might use these apps for peace of mind about the health of their dog or where their cat is, they may not be happy to find out about the risks the apps hold for their own cybersecurity,” the study author continues.
“We would urge anyone using these apps to take the time to ensure they are using a unique password, check the settings and ensure that they consider how much data they are sharing or willing to share.”
Pet owners rarely monitor their pet tech
A further study by the team surveyed nearly 600 participants from the United Kingdom, Germany, and the United States. The survey asked participants about the technologies they used, incidents that have occurred, the methods used by participants to protect their online security and privacy, and whether they apply these tactics to their pet tech.
The findings, published in the journal Proceedings of the 12th International Conference on the Internet of Things, show that despite participants believing attacks targeting their pet tech apps may occur, pet owners do little to protect themselves and their companions from this potential danger.
“We are using modern technologies to improve several aspects of our lives,” says study co-author Dr. Maryam Mehrnezhad, from the University of London’s Department of Information Security at Royal Holloway.
“However, some of these (often) cheap technologies come at the price of our privacy, security, and safety. Animal technologies can create complex risks and harms that are not easy to recognize and address. In this interdisciplinary project, we are working on solutions to mitigate such risks an allow the animal owners to use such technologies without risk or fear.”
“We would urge those developing these technologies to increase the security of these devices and applications to reduce risk of their personal information or location being shared,” adds co-author Dr. Matt Leach, Director of the Comparative Biology Center at Newcastle University.
South West News Service writer James Gamble contributed to this report.