Thanks to COVID it is the virtual silly season. No more jamming into malls it is online shopping now. Half of shoppers spend some of their money on pet treats and other supplies this holiday season. If your virtual gift list includes presents for your four-legged buddy – be careful there are some puppy toys out there that can compromise your privacy while Fido is entertained. Mozilla’s “Privacy Not Included” project analyzed the security of pooch-gifts and the results are not good for your privacy.
All of these technologies can become part of the Internet of Things (IoT). IoT technology interconnects them, IoT connects the camera in your living room with the smartphone on your desk, allowing you to monitor your pet while you’re at work. IoT enables the collection and interconnectivity of data. This is extremely important when considering your safety and privacy.
Dogness iPet Robot – This doggy toy costs $299.00 and has all the bells and whistles to keep Fido entertained. It moves and chases your pooch. It has an HD video camera with night vision to record your pup, two-way audio to talk to your doggo, a laser to chase, and the ability to toss treats to your buddy with the click of a button in the app. The iPet Robot connects over Wi-Fi so your home network better be secure – otherwise, somebody could take over the rolling spybot and catch your pooch – or you – in a compromising position.
The Dogness iPet Robot also comes with a “*Privacy Not Included” warning from Mozilla. The bot can roll around your house with a night vision camera and microphone, while connected to Wi-Fi. Mozilla says that both the Dogness device and app can snoop on you. The researchers report the device doesn’t encrypt your data. Dogness doesn’t state what information is collected from the robot, or what they do with it. Dogness uses artificial intelligence but the reviewers could not determine how the firm uses AI.
If that is not scary enough, in March 2020, it was reported that Dogness left its Amazon ElasticSearch server, containing the usernames, emails, clear-text passwords, and session cookies of its users exposed. The unprotected information has lead to the complete exposure of its production SQL database, application source code, and the complete takeover and control of its pet feeding devices and associated accounts.
Mozilla could not determine if the Dogness iPet Robot meets it’s Minimum Security Standards.
Cheerble Wickedbone Interactive Gaming Toy For Dogs –This $78.99 interactive bone is next on the naughty list. You can control this interactive bone through an app on your phone that connects through Bluetooth. From the app you can make the bone roll around and change colors. When you get bored – there’s a 20-minute interactive mode that can entertain your pup without you.
The app requires access to your phone’s GPS location data – why? that a good question. Additionally, the reviews could not determine if the firm encrypted your data, required strong passwords, or uses AI to make decisions about you. And like most IoT devices it doesn’t seem to have a way to manage security vulnerabilities. For these reasons, Mozilla says this pet toy does not meet its Minimum Security Standards.
Fitbark– I first wrote about Fitbark back in 2013. The Fitbark GPS costs $99.95 + subscription + the costs of Verizon’s LTE-M cellular network coverage. It is a bone-shaped tracking device that goes on your dog’s collar and will track her just about anywhere in the U.S. It also connects to Wi-Fi.
The Fitbark monitors your dog’s activity, sleep habits, scratching habits, and stress 24/7. You can link it to your FitBit, Google Fit, or Apple HealthKit apps and you can stress about your doogo’s health too.
Mozilla reports the Fitbark tracks your dog’s movements and whereabouts with Bluetooth. Wi-Fi and GPS. With all that tracking an attacker could keep tabs on you or your pup. The app does collect personal data including; Name, email, phone number, address, date of birth, profile photo, dog’s health, and your dog’s biometric data.
The Felik Pet Companion – This mouse-shaped bot costs $129.00. It has a camera and artificial intelligence to track your pet, learn from their movements, and react to how they hunt so it can simulate real prey. Felik connects to the Wi-Fi in your house and has an app where you can schedule play throughout the day.
Mozilla says the firm seems to try and take privacy and security seriously. They built security and privacy aware features into the dog toy, like the ability to toggle Wi-Fi on and off with a physical button, an indicator light when the camera is streaming, and even an on-device firewall.
Since it has a camera and a microphone it could be sued to snoop on you. And the app tracks your location. The product uses AI to analyze your personal data to make decisions about you. But Users can request an explanation about any decisions taken as a result of automated decision-making by contacting Felix.
rb-
The Felik Pet Companion is the only online dog-toy that I would allow in my home.
The Mozilla *Privacy Not Included buyer’s guide investigates the privacy and security of connected toys, gadgets, and smart home products. They flag products they think consumers should think twice about before buying. Mozilla looks at how well they can confirm a product meets a Minimum Security Standard.
Stay safe out there!
Related article
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.