GPS Location Tracking Services Are Vulnerable To Multiple Vulnerabilities


Security researchers have published a report on a series of flaws, which they called “Trackmageddon”, that affect many GPS and location tracking services. These security flaws could allow cybercriminals to expose sensitive data from millions of online location tracking devices managed by vulnerable GPS services.

Cybercriminals can use the Trackmageddon flaws to expose information such as GPS coordinates, location history, device model and type, serial number, mobile number and possibly private data, depending on the tracking service and device configuration.

They can obtain access to the data by using default credentials (such as “123456”) and insecure direct object reference (IDOR) vulnerabilities, which enable an authenticated attacker to access other users’ accounts simply by modifying the value of a parameter in the URL.
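The insecure direct object reference described above, as an added example that is not taken from the researchers' report or from any vendor's code: a device lookup that trusts the id from the URL, beside a version that checks ownership, plus a small regression check. All names and data here are constructed assumptions.

```python
# Added illustration: constructed data, hypothetical names (not any vendor's code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    device_id: int
    owner: str          # account that registered the tracker
    last_fix: tuple     # (latitude, longitude)

# Constructed sample data standing in for the service's database.
DEVICES = {
    1001: Device(1001, "alice", (52.5200, 13.4050)),
    1002: Device(1002, "bob", (48.8566, 2.3522)),
}

class Forbidden(Exception):
    """Raised when the session user is not allowed to read the object."""

def get_location_vulnerable(session_user: str, device_id: int) -> tuple:
    # IDOR: the handler only checks that someone is logged in, then trusts
    # the device_id taken from the URL, so any account can read any device.
    if not session_user:
        raise Forbidden("login required")
    return DEVICES[device_id].last_fix

def get_location_hardened(session_user: str, device_id: int) -> tuple:
    # Object-level authorization: the record must belong to the session user.
    # Unknown and foreign ids get the same error, so ids cannot be enumerated.
    device = DEVICES.get(device_id)
    if not session_user or device is None or device.owner != session_user:
        raise Forbidden("device not found for this account")
    return device.last_fix

def audit_cross_account_reads(handler, users=("alice", "bob")) -> list:
    """Regression check: list every (user, device_id) pair where a user
    could read a device owned by someone else through `handler`."""
    leaks = []
    for user in users:
        for device_id, device in DEVICES.items():
            if device.owner == user:
                continue
            try:
                handler(user, device_id)
                leaks.append((user, device_id))
            except Forbidden:
                pass
    return leaks
```

Running `audit_cross_account_reads` against each handler in a test suite turns the ownership rule into a check that fails whenever a new endpoint forgets it.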

The researchers tried to contact the vendors behind the affected tracking services to inform them of the severity of these security flaws. They have published a list of services that patched or may have patched the vulnerabilities, a list of services still exposing data, and a list of vulnerable devices.

According to researchers:
As long as the online service managing your device is still vulnerable changing your password will not matter and there is unfortunately not much you can currently do to protect yourself besides stopping to use the device.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
