This popular GPS tracker can be hacked to shut down your vehicle’s engine


A popular GPS tracker used in millions of vehicles around the world has been found to have multiple high-severity vulnerabilities, which allow threat actors to track vehicle locations, completely shut down vehicles, cut off their fuel, and control the devices from a distance.

To make matters worse, the manufacturer doesn’t seem at all interested in fixing the flaws.

A report by BitSight said the MiCODUS MV720 GPS Tracker, a Chinese product, had six high-severity vulnerabilities. These are now tracked as CVE-2022-2107, CVE-2022-2141, CVE-2022-2199, CVE-2022-34150, and CVE-2022-33944, one of which has a severity score of 9.8.

Basic faults

Adding insult to injury is the fact that the flaws aren’t that hard to exploit. Pedro Umbelino, senior security researcher at BitSight, explains that the company discovered that the web interface and mobile app share the same default password, while the GPS tracker accepts certain commands even without authentication.

“Basic flaws in this vendor’s overall system architecture raise significant questions about the vulnerability of other models,” he concluded.

What’s worse is that the manufacturer doesn’t seem at all interested in plugging those holes. BitSight says it contacted the company, but its warnings fell on deaf ears: “BitSight shared its research with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) when its vulnerability disclosure efforts to MiCODUS were ignored,” the report stated.

Until the manufacturer fixes the issues, the company has concluded that businesses and individuals should stop using the MiCODUS MV720 GPS Tracker because the risk is far too great. Currently, MiCODUS has more than 420,000 customers, including government, military, law enforcement, and Fortune 1000 companies, BitSight claims.

“If China can remotely control vehicles in the United States, we have a problem,” said Richard Clarke, an internationally renowned national security expert and former presidential adviser on cybersecurity.

“With the rapid growth of mobile device adoption and our society’s desire to be more connected, it’s easy to overlook the fact that GPS tracking devices such as these can dramatically increase cyber risk if they are not designed with security in mind. BitSight’s research findings highlight how having a secure IoT infrastructure is even more critical when these vulnerabilities can easily be exploited to impact our security at the personal and national level, and lead to extreme results such as disruption of large-scale fleet management and even loss of life.”
