Pet technology, intended to provide help and safety to animals and their owners, has its own vulnerabilities.

Pet owners are increasingly turning to technology for a variety of pet care reasons, such as feeding, health monitoring, and activity and movement tracking. Much of this technology operates through devices and applications connected to the Internet of Things (IoT), presenting privacy and security risks to those who use them.

What are the risks, how serious are they, and what steps have pet owners taken to protect themselves?

These issues and questions are the subject of a new study titled “Security and privacy of pet technology: real risks versus user perceptions” led by a research team from the University of Newcastle in the United Kingdom. Uni and the University of London. It is published in Frontiers of the Internet of Things.

Technologies are available for many aspects of pet care. Owners can use apps and devices to feed their pets remotely; distribute water and medicine to them; play with them (e.g.: automatic ball launchers for dogs); watch and listen to them directly via cameras; and via wearable devices, monitor their activity and track their movements via GPS.

However, despite pet technology’s projected market value of $3.7 billion by 2026, only a few studies to date have specifically addressed its privacy and security. The fact that it works via IoT means that in the event of a security breach, a homeowner’s personal information, such as their home address and details of the household’s residents, including pets and children, could be exposed; or that an app or device performing a crucial function, such as a medication dispenser, could be misused or simply shut down.

In this new survey, researchers first analyzed the privacy and security practices and vulnerabilities of 20 commonly used pet tech apps, then surveyed a group of 593 users from Germany, the Kingdom -United States to determine what technology they were using; their experiences with its security vulnerabilities; their awareness, needs and concerns on this subject; and the steps they had taken to protect themselves and their pets.

The researchers also carried out a detailed assessment of legislation in seven European countries, the European Union and the US state of California regarding animal welfare and privacy, for specific mentions of animal technology. regarding privacy and security. Finally, the team compared users’ perceptions and concerns about the technology with its actual risks.

A lack of regulation and loose technological security

Among notable findings, the assessment found that unlike laws regulating the use of technology to collect and store human data, there are virtually no legal regulations setting privacy and security standards in the field of pet technology. The team confirmed this through discussions with animal technology experts from academia and industry.

The implications of this gap are profound. The document states: “Given the lack of regulation, animal apps that do not store any data relating to people do not need to follow the same restrictions as apps designed for humans. However, many of these apps capture data about people or data relating to people. to the actions of individuals.

In fact, the team found that two of the 20 apps examined “had the user’s login information visible in plain text in unsecured HTTP traffic,” according to the paper. They also discovered that one of these apps would allow a malicious actor to determine the exact location of a user’s pet, and that both would provide a wealth of detailed information about users (name, address, telephone number, email) and their pets (health conditions). , medications, etc.).

Researchers have contacted the companies behind both apps about these vulnerabilities. One company then implemented HTTPS encryption for its communications; the other never responded.

Inability to consent to privacy policies

Nineteen of the 20 apps also included at least one form of tracking software, and 14 of them began tracking users before giving them the opportunity to consent.

Regarding privacy, only one in 20 apps clearly displayed a privacy policy to users and asked them to indicate their agreement.

Another nine did not mention or display any privacy policy during user registration, and the remaining 10 only provided a link to a privacy policy without displaying it. This violates the EU General Data Protection Regulation (GDPR) 2018; one of the legislative policies included in the team’s assessment), which states that user consent must be given for user data to be processed.

Furthermore, the document states: “None of the apps allow the user to opt out of the privacy policy and continue using the app,” which also violates the GDPR.

Respondents’ experiences and predictions

There were 199 participants from the United Kingdom, 197 from the United States and 197 from Germany. Of these, 511 confirmed using some form of pet technology; the most common included automatic feeders, cameras, GPS/location trackers, and microchips. Many participants also reported using smart toys and mobile apps for health tracking.

Of the commonly reported incidents, 132 reported devices that stopped working and 35 respondents reported being unable to access their accounts. Nine respondents reported data breaches, seven reported harm to their pets, and six reported that someone else had accessed their account.

None of the respondents reported specific incidents of harm to a human user, and in fact, there were 409 affirmative responses of “none” regarding harm to a human being.

But when it came to predictions, more respondents (330) thought a device might not work than those who speculated they might experience a data leak (287), inability to access their account ( 146), unauthorized access to the account by someone. otherwise (136), or harm their pet (95) or themselves (44).

Respondent Privacy and Security Measures

Although relatively few respondents said they had experienced actual privacy or security incidents, many more thought it could happen. But the researchers noted that far fewer respondents reported taking similar safety measures specifically with their pet technology than they generally did.

This was true across the board for questions about two-factor authentication, unique account passwords, strong passwords, system updates, backing up data, and taking security precautions , and not any.

What is needed next?

The researchers conclude with numerous recommendations aimed at providing more and improved precautionary information to users of IoT devices and pet technologies, stricter regulations on these technologies, and improvements in privacy and security. security of the technology itself.

They also call for further research in this area “in the hope of providing practical solutions to improve the quality of life of animals and their owners without any risk or fear for the safety, privacy and security of animals.” animals and their owners. “

© 2024 Science X Network