Animal trackers in the soup as cats and dogs leak human data

Cheap and nasty Android devices being used to track animals could be exploited by hackers, creating cybersecurity risks for humans, new research has shown

Researchers from Newcastle University and Royal Holloway, University of London, have uncovered multiple security and privacy issues with popular Android apps for pets, farm animals, and other companion animals and warn apps are exposing their humans’ login and location details, putting them at risk of cyberattacks.

Scott Harper, the lead author of the study presented at the 2022 IEEE European Symposium on Security and Privacy Workshops conference, warned that the rapidly growing pet tech industry brings new security, privacy, and safety risks to pet owners.

“While owners might use these apps for peace of mind about the health of their dog or where their cat is, they may not be happy to find out about the risks the apps hold for their own cybersecurity,” says Harper, a PhD student at Newcastle University's School of Computing.

“We would urge anyone using these apps to take the time to ensure they are using a unique password, check the settings and ensure that they consider how much data they are sharing or willing to share.”

The pet care industry is experiencing a rapid expansion of technology aimed at enhancing the health, wellbeing, and quality of life of pets. Pet tech includes various products such as GPS trackers, automatic feeders, and pet cameras.

Wearable devices capable of monitoring activity levels, heart rate, and sleep patterns are also part of this new wave of pet tech, alongside smart feeding systems that dispense food on a predetermined schedule or based on the animal's behaviour. Additionally, there are apps and platforms available that allow pet owners to track and manage their pets' health records, as well as connect with veterinary professionals.

“We are using modern technologies to improve several aspects of our lives,” says co-author Dr Maryam Mehrnezhad, from the Department of Information Security at Royal Holloway, University of London. “However, some of these often cheap technologies come at the price of our privacy, security, and safety. 

“Animal technologies can create complex risks and harms that are not easy to recognise and address,” she says. “In this interdisciplinary project, we are working on solutions to mitigate such risks and allow the animal owners to use such technologies without risk or fear.”

Privacy violated as animals and users tracked

The study evaluated 40 popular Android apps and revealed that password vulnerability was one of the major areas of concern. Three applications had their user's login details visible in plain text within non-secure HTTP traffic. This makes it possible for anyone to observe the internet traffic of someone using these apps and find their login information. Additionally, two apps showed user details, such as their location, which could enable someone to access their devices and risk a cyber-attack.

The study also found that all but four apps featured some form of tracking software. These trackers gather information on the user, how they use the application, or on the smartphone being used. The researchers also noted that the apps perform very poorly in notifying the user of their privacy policy. Their analysis showed that 21 apps track the user in some way before the user even has a chance to consent, violating current data protection regulations.

In addition, the research team surveyed almost 600 participants from the UK, USA and Germany, asking questions about the technologies used, incidents that have occurred or participants believe may occur, and the methods used by participants to protect their online security and privacy and whether they apply these to their pet tech. The findings show that despite believing that a range of attacks may occur targeting their pet tech, participants take few precautions to protect themselves and their pets from the possible risks and harms of these technologies.

The researchers warn users of pet tech should take precautions such as using a unique password for each app, checking the settings and considering what data they are sharing. They advise being cautious about any new IoT devices brought into the home, downloading apps from known app stores and constantly checking the permissions of such apps and revoking any unnecessary permission. Guides such as Mozilla's *Privacy Not Included project are available to help inform consumers about the potential security and privacy risks. 

“We would urge those developing these technologies to increase the security of these devices and applications to reduce risk of their personal information or location being shared,” says co-author Dr Matt Leach, Director of Comparative Biology Centre, Newcastle University.


Featured Articles

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security