6 bugs in popular Chinese GPS tracker put 1.5 mn vehicles at tracking risk


New Delhi, Jul 20 (IANS): Cyber-security researchers have discovered six severe vulnerabilities in a popular Chinese-built vehicle GPS tracker, potentially allowing hackers to track individuals without their knowledge, remotely disable fleets of corporate supply and emergency vehicles, abruptly stop civilian vehicles on dangerous highways, and more.

Cyber-security company BitSight said the critical bugs are found in 'MiCODUS' GPS tracker and there are believed to be 1.5 million MiCODUS devices, across 169 countries, in use today by individual consumers, government agencies, militaries, law enforcement and corporations.

"Organisations identified using MiCODUS GPS trackers include a Fortune 50 energy, oil and gas company, a national military in South America, a Fortune 50 technology company, a nuclear power plant operator, and a state on the East Coast of the US," the researchers said in their report late on Tuesday.

The affected GPS tracking device is manufactured by Shenzhen, China-based company MiCODUS.

Consumers, militaries, law enforcement agencies, and corporations install MiCODUS GPS trackers in vehicles to monitor real-time locations and speeds, historical routes, and to remotely cut off fuel in the event of theft.

Users access a dashboard, or use SMS text messaging, to send commands directly to deployed devices.

Each MV720 is sold for approximately $20 on Amazon, Aliexpress, Ebay, Alibaba, and other major online retailers, making it available to anyone.

"If China can remotely control vehicles in the US, we have a problem," said Richard Clarke, national security expert and former presidential advisor on cybersecurity.

"With the fast growth in adoption of mobile devices and the desire for our society to be more connected, it is easy to overlook the fact that GPS tracking devices such as these can greatly increase cyber risk if they are not built with security in mind," he added.

Civilians, politicians, business leaders, and others could be tracked without their knowledge or consent, threatening personal safety and confidentiality. Unlawful tracking is a growing privacy concern.

Bad actors could learn the travel routes of unsuspecting home or business owners, informing planned burglaries or other criminal activities, warned researchers.

"An attacker could cut fuel to a civilian's vehicle and deploy ransomware, demanding a ransom to return the vehicle to working condition," they added.

 

  

Top Stories


Leave a Comment

Title: 6 bugs in popular Chinese GPS tracker put 1.5 mn vehicles at tracking risk



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.