Popular vehicle GPS tracker gives hackers admin privileges over SMS

Gandalf_The_Grey

Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries.

A total of six vulnerabilities affect the MiCODUS MV720 device, which is present in vehicles used by several Fortune 50 firms, governments in Europe, states in the U.S., a military agency in South America, and a nuclear plant operator.

The risks stemming from the findings are significant and impact both privacy and security. A hacker compromising an MV720 device could use it for tracking or even immobilizing the vehicle carrying it, or to collect information about the routes, and manipulate data.

Considering the roles of many of the device’s users, nation-state adversaries could leverage them to perform attacks that might have national security implications.

For example, MiCODUS GPS trackers are used by the state-owned Ukrainian transportation agency, so Russian hackers could target them to determine supply routes, troop movements, or patrol routes, researchers at cybersecurity company BitSight say in a report today.

The security firm discovered the critical flaws on September 9, 2021, and attempted to alert MiCODUS immediately but encountered difficulties finding the right person to accept a security report.

The Chinese vendor of the GPS tracker was contacted again on October 1, 2021, but refused to provide a security or engineering contact. Subsequent attempts to contact the vendor in November didn’t yield a response.

Finally, on January 14, 2022, BitSight shared all the technical details of its findings with the U.S. Department of Homeland Security and requested them to engage with the vendor via their communication channels.

Currently, the MiCODUS MV720 GPS tracker remains vulnerable to the mentioned flaws, and the vendor hasn’t made a fix available.

As such, users of these devices are recommended to disable them immediately until a fix is out or replace them with actively supported GPS trackers. To continue using them would be an extreme security risk, especially after this public disclosure.
 
