Skip to main content

Two Years After Discovery Dangerous Security Hole Lingers in GPS Services

posted onJanuary 4, 2018
by l33tdawg

Security researchers warned of a serious vulnerability in a GPS service by the China-based firm ThinkRace exposes sensitive data in scores of GPS services, more than two years after the hole was discovered and reported to the firm. (Update: added comment from John van den Oever, the CEO of one2track B.V – PFR 1/3/2018)

Data including a GPS enabled device’s location, serial number, assigned phone number and model and type of device can be  accessed by any user with access to the GPS service. In some cases, other information is available including the device’s location history going back 1 week. In some cases, malicious actors could also send commands to the device via SMS including those used to activate or deactivate GEO fencing alarms features, such as those used on child-tracking devices.

The vulnerabilities affect hundreds of thousands of connected devices that use the GPS services, from smart watches, to vehicle GPS trackers, fitness trackers, pet trackers and more. At issue are security holes in back-end GPS tracking services that go by names like amber360.com, kiddo-track.com, carzongps.com and tourrun.net, according to Michael Gruhn, an independent security researcher who noted the insecure behavior in a location tracker he acquired and has helped raise awareness of the widespread flaws. Working with researcher Vangelis Stykas, Gruhn discovered scores of seemingly identical GPS services, many of which have little security, allowing low-skill hackers to directly access data on GPS tracking devices.

Source

Tags

Security Privacy

You May Also Like

Recent News

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th