Security Flaw: over 600,000 kid-friendly GPS trackers use 123456 as default password, posing security threat

GPS trackers are helpful tools for families, whether they're used for children, the elderly, or with pets. However, a security firm discovered that the devices may not be as secure and safe as users may think.
People often use small GPS trackers to help them locate children, elderly family members, or even pets. These devices are easy to carry because of the small size, with some even having microphones or cameras, and they are easy to find on sites such as Amazon and eBay for decent prices that range between $25 and $50.
However, a recent discovery by security firm Avast reveals that hundreds of thousands of such GPS trackers may not be secure. Upon testing the T8 Mini GPS Tracker from manufacturer Shenzen i365 Tech as well as 29 similar GPS trackers mostly from the same company, researchers from Avast Threat Labs found that the International Mobile Equipment Identity (IMEI) of the units only have 11 digits when the international standard says it should have 15. What’s more, they also found that these devices all have the same default password: 123456.
Because of this, the researchers easily found over 600,000 devices being used with the same password, all transmitting data in plaintext using commands that are easily reverse engineered.
This means that the potential attackers can have access to the data, and can even modify it to report different coordinates than the ones reported by the tracker. They can also send a text message to the phone attached to the account, thereby obtaining the said phone number, and also restore the devices to factory settings among other privacy and security issues such as access to the microphone.
“As you can see there are strong indicators that this issue goes far beyond the scope of one vendor. We found similar APIs being used by different applications also found models that are not being made by this particular vendor that is linked to this cloud infrastructurem” researchers wrote.
The GPS trackers as well as the 50 affected apps can be found in the Avast report. Researchers reached out to the vendor of the GPS trackers last June 24 but did not get a response.

Views: 29

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto

18 September 2019

17 09 2019

Popular consumer and enterprise routers, IoT devices contain remote access vulnerabilities

As devices become smarter and Internet-connected, the potential attack surface for cyberattackers increases

Volocopter tests air taxi in urban environment

Volocopter has completed the first phase of the testing of its Volovopter 2X air taxi in urban environment

Edward Snowden advised officials to abandon WhatsApp and Telegram

Representatives of the government, using WhatsApp and Telegram messengers for communication, are at great risk

Motorola TV With Android TV 9.0 Launched

Motorola has jumped onto a new product line and announced its own TV series

Wi-Fi Alliance launches Wi-Fi 6 certification

The Wi-Fi Alliance has officially launched the Wi-Fi 6 certification programme just under a year after the standard 

First Earth observation satellite with AI ready for launch

A few months from now will see the launch of the first European satellite to demonstrate how onboard artificial intelligence 

Vivo announces Nex 3 5G with ‘waterfall’ curved screen, 64-megapixel camera, and virtual buttons

After months of leaks and teases, Vivo’s Nex 3 is finally official. As expected, the headline feature is its “Waterfall FullView” OL