Kaspersky Lab, arguably the world's top cybersecurity expert, has checked out some of the top-selling pet trackers and found them, like most connected devices, vulnerable to hacks.
Pet trackers are used to check on our pets' locations, their well-being, and their activity and/or activity levels. They may keep data on your pets' health, diet, shots, and other records. Because these devices are connected to their owners' devices through GPS systems, they are also an entry into their owners' data.
Though hacking pet devices is not currently widespread, Kaspersky Lab projects that unless specific steps are taken to protect the devices, there may be more pet thefts in the future. In the UK, pet theft is up 24 percent in three years, a startling increase. Kaspersky predicts that pet thefts will rise as thieves begin hacking pet devices. The Lab has pinpointed weaknesses in the systems, as reported by asianage.com. Vulnerability is high when:
- Bluetooth capabilities require no authentication for connection.
- Trackers and apps transmit sensitive data such as the owner’s name, email and coordinates.
- Users do not require server certificates for an HTTPS connection, making "Man-in-the-Middle" scenarios possible (when someone intercepts Wi-Fi traffic).
- Authorization tokens and coordinates can be stored on a device without encryption.
- False firmware can be installed.
- Commands can be sent to trackers without checking the user ID, meaning they could be sent by anyone, not just the owner.
Asian Age reported the comments of Roman Unuchek, senior malware analyst at Kaspersky Lab: “The vulnerabilities in these apps and trackers certainly open up the possibility for criminals to more accurately locate people’s pets, or send false coordinates to a server, for the purpose of kidnapping. In addition, the apps for the connected devices can be used to steal users’ personal data. We haven’t yet seen any examples of trackers and their apps being used to kidnap dogs, but the information they transmit can still be used to access information about the owner, such as passwords or email addresses, which have a value for criminals.”
Fortunately, Kaspersky Lab has communicated these hacking dangers to pet tracker manufacturers and many of these have already been fixed. Before purchasing a pet tracker, check to make sure that the devices you consider have addressed these weaknesses to their systems.