As everything, including pets, begin to take on a digital element, securing connected devices and their networks will be key to keeping, not just information, but also the most prized possessions secure. To check if pets are secure from cyberthreats, Kaspersky Lab researchers studied several popular pet trackers and discovered vulnerabilities that allow malefactors to hack them, find out or replace a pet and its owner’s coordinates, or even steal sensitive personal data.
Trackers are used by pet owners to monitor the safety of their pets, and to track where their pets go unsupervised, by sending GPS coordinates back to the owner’s app as often as once a minute. The possibility of someone else intercepting those coordinates means they may be able to work out where a pet is at any given moment, discover details about your daily walks, and ultimately gain enough information about a pet’s movements, to kidnap it.
Kaspersky Lab researchers have discovered the following vulnerabilities across a number of popular pet tracking brands:
- Bluetooth capabilities that require no authentication for connection
- Trackers and apps transmitting sensitive data such as the owner’s name, email and coordinates
- Not checking server certificates for an HTTPS connection, making Man-in-the-Middle scenarios possible (when someone intercepts Wi-Fi traffic)
- Authorization tokens and coordinates can be stored on a device without encryption
- False firmware can be installed
- Commands can be sent to trackers without checking the user ID, meaning they could be sent by anyone, not just the owner
These findings show that even if pet trackers are not widely used for cybercrime today, they could be on a par with other connected devices in the future. And, this means that pets could be put in danger. Dog-napping, for example, is a very real threat, with statistics from the UK showing that 60 dogs are stolen every week, a number that has increased by nearly 24% over the past three years. Motives for dog-napping are varied, from stealing dogs for breeding purposes to dog fighting, or even holding dogs to ransom.
Roman Unuchek, senior malware analyst at Kaspersky Lab, comments: “The vulnerabilities in these apps and trackers certainly open up the possibility for criminals to more accurately locate people’s pets, or send false coordinates to a server, for the purpose of kidnapping. In addition, the apps for the connected devices can be used to steal users’ personal data. We haven’t yet seen any examples of trackers and their apps being used to kidnap dogs, but the information they transmit can still be used to access information about the owner, such as passwords or email addresses, which have a value for criminals.”
Kaspersky Lab has reported all vulnerabilities found to the vendors, and many of them have already been patched. Kaspersky Lab believes that it is extremely important to protect family members, including furry ones, from all possible threats. And in the modern, always-connected world, cybersecurity should be an integral part of this protection.
