Security Flaw: over 600,000 kid-friendly GPS trackers use 123456 as default password, posing security threat

GPS trackers are helpful tools for families, whether they're used for children, the elderly, or with pets. However, a security firm discovered that the devices may not be as secure and safe as users may think.
People often use small GPS trackers to help them locate children, elderly family members, or even pets. These devices are easy to carry because of the small size, with some even having microphones or cameras, and they are easy to find on sites such as Amazon and eBay for decent prices that range between $25 and $50.
However, a recent discovery by security firm Avast reveals that hundreds of thousands of such GPS trackers may not be secure. Upon testing the T8 Mini GPS Tracker from manufacturer Shenzen i365 Tech as well as 29 similar GPS trackers mostly from the same company, researchers from Avast Threat Labs found that the International Mobile Equipment Identity (IMEI) of the units only have 11 digits when the international standard says it should have 15. What’s more, they also found that these devices all have the same default password: 123456.
Because of this, the researchers easily found over 600,000 devices being used with the same password, all transmitting data in plaintext using commands that are easily reverse engineered.
This means that the potential attackers can have access to the data, and can even modify it to report different coordinates than the ones reported by the tracker. They can also send a text message to the phone attached to the account, thereby obtaining the said phone number, and also restore the devices to factory settings among other privacy and security issues such as access to the microphone.
“As you can see there are strong indicators that this issue goes far beyond the scope of one vendor. We found similar APIs being used by different applications also found models that are not being made by this particular vendor that is linked to this cloud infrastructurem” researchers wrote.
The GPS trackers as well as the 50 affected apps can be found in the Avast report. Researchers reached out to the vendor of the GPS trackers last June 24 but did not get a response.

Views: 99

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto

09 April 2020

08 04 2020

In a first, China knocks U.S. from top spot in global patent race

China was the biggest source of applications for international patents in the world last year, pushing the United

Microsoft invests in PsiQuantum, a startup which is building the world’s first useful quantum computer

Microsoft has been working on quantum computers for several years now. Last year, Microsoft announced Azure

New Samsung Galaxy Z Flip could get 5G — with one major catch

The Samsung Galaxy Z Flip may not be perfect, but it's the most exciting phone we've seen from the company in a while.

Samsung stops new updates for galaxy S7 & S7 Edge

Almost four years ago Samsung had introduced its premium smartphones – Galaxy S7 & S7 Edge. Both the

All Microsoft events will be digital-only until July 2021

Microsoft is planning to make all of its internal and external events digital-only until July 2021 due to the ongoing