A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimize exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they’re moving, track location histories, disarm alarms, and cut off fuel.
An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies.
Ouch, and the point often being that really cheap devices often have not had all the R&D done on securing them. For basic location this may not be serious, but where it is controlling access, alarm systems, shipping, and such like, it does start getting quite serious.
See Critical flaws in GPS tracker enable “disastrous” and “life-threatening” hacks
China-based Micodus has yet to patch critical vulnerabilities in MV720 GPS tracker.