An estimated 600,000 GPS tracking devices for sale on Amazon and other large online merchants for $25–$50 have been found susceptible to vulnerabilities that have exposed user’s real-time locations, security researchers have claimed. Cybersecurity researchers from Avast discovered that 29 models of GPS tracker made by Chinese Technology Company Shenzhen i365 for keeping tabs on young children, elderly relatives, and pets contain a number of security vulnerabilities. Over half a million tracking devices were shipped with the same default password of “123456,” giving an opportunity for attackers to easily access tracking information. The remote attackers could track real-time coordinates of the intended person wearing the device, change the location of the device and assign an incorrect location on to it and can even access the microphone which can be used for eavesdropping. This possible access to GPS tracker information is because of the vulnerabilities in GPS tracker password which had been wrongfully set as the default password which makes possible for hackers to exploit and get access to vital information by just having an internet connection.

Image source: thehackernews.com

The most vulnerable of the features that allow access to GPS tracking by hackers is the communication between the cloud and GPS tracker. ‘Cloud and the device’s companion mobile Apps,—all use unencrypted plain text HTTP protocol, allowing attackers to intercept exchanged data and issue unauthorized commands. Researchers found that remote attackers can obtain real-time GPS coordinates of a target device just by sending an SMS to the phone number associated with the SIM card which provides DATA+SMS capabilities to the device. As the attacker is informed about the phone number and password, the attacker uses the SMS as an attack vector. The manufacturer of the GPS tracker Shenzen i365 has apologized.

Image source: thehackernews.com

Source: The Hacker News


Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.


Tags: #deep_web_links #Tor_.onion_urls_directories #Deep_Web_Sites_Links #Dark_Web_Links_Hidden_Wiki #Dark_web_directories

SHARE
Previous articleOnline Ad Bans: An Unintended Consequence
Next articleA Summer of Discontent: The Hottest Malware Hits
DEMARCO BERRY
Demarco Berry is a senior writer for Dark Web Link, covering security, privacy, information freedom, and hacker culture. Before coming to Dark Web Link, he worked as a senior writer for The New York magazine. Demarco has received his bachelor’s degree from Haverford College and a master’s degree from New York University’s business and economic reporting program.

LEAVE A REPLY

Please enter your comment!
Please enter your name here