A breach of a pet app yields more than just steps taken and butts sniffed. Compromised passwords and locations can be a treat for hackers going after humans.
An early 2023 study demonstrated a clear difference between precautions taken with general online use and precautions taken with pet technologies—a concern for researcher Scott Harper, who sees animal trackers as a source of potential hacks for the owners, ranging from password compromise to location revelations.
“I don’t think when you’re buying a GPS device to keep your dog safe, you’re thinking too much about your own privacy and safety concerns,” said Harper, a postgrad student at Newcastle University, who conducted the study with colleague Matthew Leach, alongside Royal Holloway academic Maryam Mehrnezhad.
Pet apps, often worn on the animal’s collar, provide a Fitbit-like set of activity information, like location, barking, and wandering.
The survey showed that end-user security practices, like using complex passwords and multi-factor authentication, are less present when employing pet tech.
- Generally, 373 of the 593 respondents reported using unique passwords. Only 153 admitted to using unique accounts with pet tech.
- Of the surveyed, 514 said they typically deploy strong passwords. Only 245 had them with their pet-app trackers.
A compromised password, like “dog123,” becomes a bigger problem if that’s also a password to another account that a hacker might want access to.
“If your password were to be leaked, it’s not any information on that application they’d be able to gain access to. It’s any other application or service where you’re reusing that login information,” said Harper.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Pet devices and applications capture data that may inadvertently give insight into pet owners’ routines.
“You can pretty much guess that if you know where a dog has walked, you know where a human has walked,” said Simon Lewis, product manager at PitPat, a company that produces a collar-worn, GPS device for dogs.
“And that’s the danger, isn't it, with information security? It’s not the direct information. It’s what you can infer from it,” Lewis told IT Brew.
And pet tech has been slow with security and privacy adoption. A separate Newcastle/Royal Holloway study published in 2022 showed three companies sending user login information in their non-secure HTTP traffic, and a number of apps interacted with tracking software before the user had a chance to consent.
“With the focus not being on human users, the security and privacy of human users might not be seen as a priority,” Harper told IT Brew.
And the vulnerabilities exist not just in pet tech, said Harper, but any “smart” device brought into an environment where humans aren’t the focus. (Like, say, a fish tank)
A 2023 report from the cybersecurity company SonicWall found that North America had a 145% year over year increase in malware attacks on IoT (connected) devices.
Jason Stading, consulting manager at ISG, however, does see an improvement from the early, “deliver it and forget it” days of IoT.
“More and more organizations are now becoming a little bit more security aware from the IoT perspective,” said Stading.—BH