Popular GPS tracker can be remotely hacked anytime, warns security firm
A GPS tracker used as a panic alarm has major security flaws that can leak users’ real-time location and allow it to be remotely deactivated, say UK cyber-security researchers. They are calling for an immediate recall.
Manufactured in China, the devices are bought in bulk and resold by several companies around the world. While the device itself doesn’t have internet connectivity, it does use a SIM card to connect to a cell network for location tracking. However, almost anyone can give the device commands by knowing its phone number and sending it a text.
Exploiting 10,000+ Devices Used by Britain’s Most Vulnerable - One of the most concerning vulnerabilities we've ever identified! https://t.co/7PZ1cpvoaJ— Fidus InfoSecurity (@FidusInfoSec) May 10, 2019
Commands can allow the device’s current location to be divulged and its built-in microphone to be listened to remotely. It can also be turned off completely – all without the user’s knowledge.
READ MORE: US indicts Chinese national in biggest known healthcare hack in its history
The staggering security breach was uncovered by researchers at British cybersecurity firm Fidus Information Security, who have published a report about their astonishing findings. The researchers note that while the SIM can be protected with a PIN, that setting it not enabled by default and the device can still be reset without needing a PIN.
Marketed as an alarm and panic button for the elderly, a monitoring device for children or a car tracker, the device is utilized by thousands of vulnerable people who think it’s keeping them safe, wrote Fidus.
“This device is marketed at keeping the most vulnerable safe and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” warns Fidus director Andrew Mabbitt, TechCrunch reports.Also on rt.com Airbus employee details hacked in unprecedented data breach
Mabbitt explained, in the organization’s blog, that while the team have informed manufacturers of the major security flaws, the only way to fix the issue is to recall tens of thousands of units already in use around the world. There are at least 10,000 in use in the UK alone, according to Fidus.
Like this story? Share it with a friend!