Are Weenect GPS trackers secure?
The problem of lost pets it not something new, but the measures currently taken in this area don’t seem to be doing enough: when it comes to security for connected objects you might as well be talking unicorns; it’s pipe dream.
The BEUC, a group of European associations that defends consumers,has just highlighted the shortcomings of children's GPS manufacturers (in particular), based on a Norwegian study.
Weenect makes the security of your personal data its priority
A unique distinguishing tag
Our users’ trackers are permanently connected to our services via the built-in SIM card. Simple? It looks that way. Each tracker has it’s own distinguishing tag which is only known by the tracker and the server it communicates with. This means that a third party wanting to do harm would have any attempt to connect declined as they don’t know the tag - this works both on the side of the tracker and the server; an old, proven secret agent technique applied to technology.
In fact, it’s impossible to ask anything of the tracker without the green light from the server: no calls, no sound or vibration can be activated and there’s no way to tune in accidently. It’s also impossible to rig the GPS position that the tracker sends; each position posted is checked.
Anonymisation of data
The advantage of GPS positioning is that in itself it tells you nothing. A story always needs a main character to capture the readers’ attention. So all our data are anonymous: one server for locations, one server for account details. This means that a location can never be linked to an account or a particular tracker.
A unique account
One risk shown by the study was the register of a tracker on a second account, allowing a hacker to access geolocalisation data. At Weenect a tracker can only be added to a single account. Once its identification number has been registered on an account it is technically impossible to try and add it to another account.
All connections between your telephones (via the app or your computer) and our servers are encrypted in HTTPS. So, it’s impossible for anyone to place themselves between the two to listen to their communication.
The right to oblivion
All the data in an account (and its trackers) are stored for 30 days on our main server. Then it’s kept on secondary servers for one year (in case of force majeure), before finally being definitively deleted. Our users can request for their data to be deleted during this year period if they want it done before the year is up.