- Security Flaw found in 600,000 GPS Trackers
- Exposing Users Data and Real Time Location.
- The GPS trackers have same default password of 123456.
- Mostly trackers are manufactured by Chinese companies.
GPS Tracker is help to locate your Car, Pets, Kids, Friend. But what about when it become Vulnerable?
The vulnerabilities could allow an cyber attacker to take over user accounts and can locate real time location or can access the microphone found by Avast security researchers.
The devices expose data sent to the cloud, including the exact real-time GPS coordinates of children.
Twenty-nine models of trackers – made by the Chinese manufacturer, Shenzhen i365 Tech and resold through various brands – showed the vulnerabilities. Avast Threat Labs first analyzed the T8 Mini child tracker and found the companion mobile app is downloaded from an unsecured website, exposing the users’ information.
Further security issues involved user account information, which comes with an assigned ID number and default password of 123456. Design flaws in the trackers can also enable third-parties to “spoof” (or fake) the user’s location, or access the microphone for eavesdropping.
Martin Hron, senior researcher at Avast who led this research said, advises consumers to opt for an alternative product from a more trustworthy brand that has built security into the product design. As with any off-the-shelf “smart” device, Avast recommends changing the default admin passwords to something more complex. However, in this case, even that would not stop a motivated hacker from intercepting the unencrypted traffic.
Security researchers reported these vulnerabilities to manufacturer companies but since they didn’t get updates.
“We have done our due diligence in disclosing these vulnerabilities to the manufacturer, but since we have not heard back after the standard window of time, we are now issuing this Public Service Announcement to consumers and strongly advise you to discontinue use of these devices,” Hron said.