Security and privacy of pet technologies: actual risks vs user perception

Abstract

As IoT becomes more and more commonplace, it is expanding into many different industries. One of these rapidly growing industries is pet tech, technologies designed to aid with the care of pets, expected to reach a market value of $3.7 billion by 2026. As with all IoT technologies, these devices introduce new security, privacy, and safety risks to their users and their homes. Despite these risks, the security and privacy (SP) of these devices, and their users’ concerns regarding these issues, remain an under-researched field, leaving the users of these devices at risk of attack and unable to effectively protect themselves. In this paper, we perform two studies to address this research gap. First, we perform an SP analysis of 20 popular pet tech apps, finding serious security vulnerabilities, as well as poor SP practices. Among our findings, 2 out of 20 apps exposed user login and account details in non-encrypted traffic and 14 communicated with trackers before the user could consent. Second, we perform a user study of 593 participants across 3 different countries (United Kingdom, United States, Germany) to gain an understanding of what technologies are in use, incidents that have or they believe may occur, as well as the methods used by participants to protect their online SP compared to pet tech. We perform a demographic analysis of these results, finding many similarities across the countries and genders, as well as a few differences in concerns and expectations. We study the state of the security and privacy of pet technologies and the awareness, concerns, and desires of users. We find that 521 participants do believe that a range of attacks may occur targeting their pet tech. Despite this, they take fewer precautions with these devices, exposing themselves and their pets to the possible risks and harms of these technologies.