Hundreds of GPS Location Tracking Services Leaving User Data Open to Hackers

Discussion in 'Tech news' started by daljeet, Jan 7, 2018.

  1. daljeet

    daljeet Senior Member Known Member

    Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services.

    The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as 'Trackmageddon' in a report, detailing the key security issues they have encountered in many GPS tracking services.

    Trackmageddon affects several GPS services that harvest geolocation data of users from a range of smart GPS-enabled devices, including children trackers, car trackers, pet trackers among others, in an effort to enable their owners to keep track of where they are.

    According to the researchers, the vulnerabilities include easy-to-guess passwords (such as 123456), exposed folders, insecure API endpoints, and insecure direct object reference (IDOR) issues.

    By exploiting these flaws, an unauthorized third party or hacker can get access to personally identifiable information collected by all location tracking devices, including GPS coordinates, phone numbers, device model and type information, IMEI numbers, and custom assigned names.

    Full source:
  2. Google Adsense

Share This Page