Popular GPS tracker can be remotely hacked anytime - security firm
A GPS tracker used as a panic alarm has major security flaws that can leak users’ real-time location and allow it to be remotely deactivated, say UK cyber-security researchers. They are calling for an immediate recall.
© Reuters / Kacper Pempel
Manufactured in China, the devices are bought in bulk and resold by several companies around the world. While the device itself doesn’t have internet connectivity, it does use a SIM card to connect to a cell network for location tracking. However, almost anyone can give the device commands by knowing its phone number and sending it a text.
https://twitter.com/FidusInfoSec/status/1126816175265071104
Commands can allow the device’s current location to be divulged and its built-in microphone to be listened to remotely. It can also be turned off completely – all without the user’s knowledge.
The staggering security breach was uncovered by researchers at British cybersecurity firm Fidus Information Security, who have published a report about their astonishing findings. The researchers note that while the SIM can be protected with a PIN, that setting it not enabled by default and the device can still be reset without needing a PIN.
Marketed as an alarm and panic button for the elderly, a monitoring device for children or a car tracker, the device is utilized by thousands of vulnerable people who think it’s keeping them safe, wrote Fidus.
“This device is marketed at keeping the most vulnerable safe and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” warns Fidus director Andrew Mabbitt, TechCrunch reports.
Mabbitt explained, in the organization’s blog, that while the team have informed manufacturers of the major security flaws, the only way to fix the issue is to recall tens of thousands of units already in use around the world. There are at least 10,000 in use in the UK alone, according to Fidus.
Original: https://www.rt.com/news/459001-gps-shows-real-time-location/
That's not surprising...what is surprising is that they're actually recalling it. These kind of security holes are common these days. There are devices in many people's homes that can be hacked to become bugs. There are tons of cameras with sub-par security. The majority of them just remain on the market. It's good that they have recalled the device, unlike so many others.
I think the article is saying the researchers are calling for a recall. And I don't think a recall has actually been issued by the company or any of the resellers. Even if there is a recall how many people that have the devices will get the recall notice or act on it if they do?
Yeah, that sounds more realistic. If that's the case, I doubt the company will issue a recall. Maybe a patch...that will itself likely not be applied by the majority of people.
I think these companies with these devices with huge holes in them do open themselves up to liability. We'll see how long it takes for the law the recognize that though.
Yeah, that's a pretty big oops...