Casa > cibernético Notícias > Trackmageddon: Serviço de rastreamento de localização GPS tornando você hackeável
CYBER NEWS

Trackmageddon: Serviço de rastreamento de localização GPS tornando você hackeável

There is hardly a day without any privacy-related incident, data breach or vulnerability disclosure. It turns out that even many of the GPS services we use on a daily basis are full of multiple vulnerabilities.

These vulnerabilities, dubbed Trackmageddon could allow an unauthorized third party access to the location data of all location tracking devices managed by the vulnerable online services.

Story relacionado: Falhas GPS Segurança Cibernética pôr em perigo envio Indústria

Security researchers Vangelis Stykas and Michael Gruhm who discovered the flaws named them collectively Trackmageddon. The flaws are located in 103 online services which makes millions of devices vulnerable. It appears that these services are running vulnerable tracking location software developed and licensed by ThinkRace, an Indian GPS manufacturer.

Trackmageddon Vulnerabilities In Detail

Como já mencionado, the flaws affect several GPS services that collect the geolocation of users using smart GPS-enabled devices like children trackers, car trackers and pet trackers. Researchers have reported that the flaws include elementary passwords, exposed folders, insecure API endpoints, among other issues.

In case the flaws are exploited, an unauthorized third party can obtain access to personal information that is collected by location tracking devices. This information is personally identifiable and it includes:

  • Coordenadas GPS;
  • Números de telefone;
  • Device model and type;
  • IMEI numbers;
  • Custom assigned names;
  • Photos and audio recordings uploaded by the location tracking devices.

sim, você leu corretamente. Even photos and audio recordings are at risk of being exploited.

Story relacionado: 15-Year-Old MacOS Bug em Leads IOHIDFamily ao comprometimento do sistema completa

This is what the researchers wrote:

We tried to give the vendors enough time to fix (also respond for that matter) while we weighted this against the current immediate risk of the users. We understand that only a vendor fix can remove user’s location history (and any other stored user data for that matter) from the still affected services but we (and I personally because my data is also on one of those sites) judge the risk of these vulnerabilities being exploited against live location tracking devices much higher than the risk of historic data being exposed.

Read more about Trackmageddon aqui.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...