Hacker broke Two GPS Tracking App
Ability To Monitor Car Location and to Kill Car Engines
Thousands of users are insecure
“I can absolutely make a big traffic problem all over the world,” the hacker said.
He also claims that have exploited a very basic vulnerability in the GPS tracking apps. The apps reportedly gives default password “123456” to their customers. And by using brute-force technique the millions of user accounts with default password. ‘
He also grab the details of the names and models of the GPS tracking devices, real names of users, phone numbers, email addresses, device IMEI numbers, and physical addresses.
According to Motherboard,
The hacker claims that he broke thousands of accounts belonging to users of GPS tracker apps including iTrack and ProTrack accounts and ability to monitor the locations of tens of thousands of vehicles and even granting the ability to turn off the engines of some of them as they were driving.
Both of the apps developed in China, share the same code and UI, by doing reverse engineering hacker easily successfully breaching the user accounts.
Due to insecure apps causing the serious security vulnerability and put their customers life in danger. The hacker, who goes by the name LandM, told Motherboard he hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that companies use to monitor and manage fleets of vehicles through GPS tracking devices.
The hacker was able to track vehicles in a handful of countries around the world, including South Africa, Morocco, India, and the Philippines. On some cars, the software has the capability of remotely turning off the engines of vehicles that are stopped or are traveling 12 miles per hour or slower, according to the manufacturer of certain GPS tracking devices.
“My target was the company, not the customers. Customers are at risk because of the company,” L&M told Motherboard in an online chat. “They need to make money, and don’t want to secure their customers.”