A cyber security firm’s research has found several pet tracking devices to be vulnerable to hackers and other forms of cyber crime.
The Kaspersky research found products made by several well-known brands had vulnerabilities in:
- Bluetooth capabilities that require no authentication for connection
- Trackers and apps transmitting sensitive data such as the owner’s name, email and coordinates
- Not checking HTTPS for connection, making man-in-the-middle scenarios when someone intercepts your wifi traffic
- Authorisation tokens and coordinates can be stored on a device without encryption
- False firmware can be installed
- Commands can be sent to trackers without checking the user ID, meaning commands could be sent by anyone, not just the owner
The vulnerabilities in the products can make it easy for dog nappers to season control of the dogs location and commands. So-called dog-napping is reported to be on the rise with 1,774 incidents reported to UK police in 2016.
David Mole, head of retail at Kaspersky Lab said: “There are numerous opportunities for criminals to send false coordinates to the server, or accurately pinpoint people’s pets to kidnap them, due to vulnerabilities in apps and trackers.
“These trackers have not yet been used to kidnap dogs, but the information that is transmitted could be susceptible to being accessed by criminals who want to obtain valuable data such as passwords.”