On the Security and Privacy of Animal Technologies

Abstract

As the Internet of Things (IoT), smart devices, and their corresponding mobile apps are becoming increasingly widespread, they are expanding into various different industries. One of these rapidly expanding sectors is animal technologies, which includes systems and devices designed to assist with animal care. In pet tech only, it is projected to reach a market value of $3.7 billion by 2026 [104]. However, these systems bring new security, privacy, and safety risks to users, their animals, and their homes. Despite these concerns, the risks of these systems, as well as the users’ apprehensions about these issues, remain under-researched. This lack of research and data protection regulations in this space leaves users vulnerable to attacks and hampers their ability to protect themselves effectively. This PhD work investigates various aspects of the security and privacy of these technologies to inform the current state of risk and user perceptions. Security and Privacy of Animal Apps: In the first part of this thesis, our work involves a range of tools used to perform static, dynamic, network traffic, and privacy policy analysis on a set of 40 animal Android apps (both farm animals and pets). We identify poor security and privacy practices that do not effectively gain the consent of the user and communicate their details in ways that may leave them vulnerable. We additionally find that some of the apps are communicating the user’s login details in plaintext in non-secure http traffic, leaving them vulnerable to very obvious, yet dangerous attacks, by anyone who is able to view this network traffic. These issues were communicated to the companies responsible, with those who responded having the issue fixed upon later retesting. Sensor-based IoT Identification: The second part of the thesis looks at a possible identification method to be used by resource-constrained IoT devices, with limited interaction methods, such as those used on and around animals e.g., at a large scale on a farm. In our proof-of-concept implementation, by utilising the accelerometers already present in such devices (i.e., the Nordic Thingy 52 and 53), we capture the data pattern created from physically tapping two IoT devices together. Our results showcase the feasibility of implementing such a system that is able to correctly identify matching tapping events from IoT devices which want to pair for secure communication. We test a range of signal processing methods, such as the correlation coefficient and energy of the signals, combining those found to be effective for our final similarity calculation. The proposed system is able to achieve an EER of 3.5% when comparing 100 samples of data against each other, with possible adjustments to the threshold to get a lower FAR if needed. User Studies of Animal Technologies Security and Privacy: In this final part of this PhD work, we turn our focus to the users of these systems (more specifically, pet owners). We design a user study in the form of an online survey to understand their views, concerns, and actions regarding these systems. Using Academic Prolific, we distribute this to 593 participants from the UK, US, and Germany (roughly 200 from each) targeting specifically pet owners. This study gives insight into the apps and devices used by pet owners, the perceived advantages and disadvantages, concerns, incidents that have occurred, as well as the different perceptions around the data that may be collected by them and how they might protect themselves from these risks. Despite only a few reported incidents with these technologies, we find 521 of the participants expressed concern about an incident, such as a data leak, and the well-being and safety of their pet. Despite these concerns, these participants took far fewer precautions toward protecting the security and privacy of these systems compared to what they employ for their general online security and privacy. The findings of this PhD research give perspective to the overall security and privacy of animal technologies. Our work contributes to the body of knowledge in a holistic and comprehensive way, i.e., regulations review, system studies, secure system design, and user studies. We provide discussions and recommendations for multiple stakeholders such as academic and industrial researchers and designers, farm owners and managers, policymakers, and the end users of animal technologies.