At a glance.
- Hackers could play fetch with pet app user data.
- Booking.com says it wasn’t compromised by recently discovered bugs.
Bow-wow, WOW! Hackers could play fetch with pet app user data.
While the fast-growing industry of pet tech – which includes wearable heart rate monitors, smart feeding systems, and pet health apps – is intended to help pet owners improve their furry friends’ quality of life, it could be putting their privacy, and that of their two-legged masters, at risk. Researchers at Newcastle University and Royal Holloway, University of London analyzed forty leading Android pet tech apps and found that they could be compromising user data. Study Finds reports that more than half of the apps violate data protection laws by tracking the user before they’ve given consent. Passwords were found to be the most vulnerable data, and three of the apps evaluated exposed user login details in plain text within non-secure HTTP traffic. All but four of the apps include tracking features to help the pet owner keep tabs on their fur baby, software that could be abused by cybercriminals to track the user’s whereabouts and even the type of device being used. What’s more, the apps’ privacy policies were found to be lacking when it comes to informing users about how their data are being handled.
Lead study author and Newcastle PhD student Scott Harper told Royal Holloway, “While owners might use these apps for peace of mind about the health of their dog or where their cat is, they may not be happy to find out about the risks the apps hold for their own cybersecurity.” The researchers surveyed nearly six hundred participants from the UK, Germany, about the technologies they use and what they do to protect their privacy, and they found that while users were aware that their pet apps could be vulnerable to attack, they do little to proactively protect themselves. Harper states, “We would urge anyone using these apps to take the time to ensure they are using a unique password, check the settings and ensure that they consider how much data they are sharing or willing to share.”
Booking.com says it wasn’t compromised by recently discovered bugs.
Several critical security flaws were discovered in online travel platform Booking.com that could be exploited by hackers to conduct widespread account takeovers and server breaches. SC Media explains that the vulnerabilities, which are linked to OAuth misconfigurations, have now been remediated and do not appear to have been used to access Booking.com customer accounts. However, Salt Security’s Salt Labs research team says such access could have exposed sensitive user data including personally identifiable information. Booking.com owner Booking Holdings’ other sites, which include Kayak.com, were also impacted by the bugs. Salt Security Vice President of Research Yaniv Balmas explains, “OAuth has quickly become the industry standard and is currently in use by hundreds of thousands of services around the world. As a result, misconfigurations of OAuth can have a significant impact on both companies and customers as they leave precious data exposed to bad actors.”