Trackmageddon: GPS Location Tracking Service Making You Hackable
NEWS

Trackmageddon: GPS Location Tracking Service Making You Hackable

There is hardly a day without any privacy-related incident, data breach or vulnerability disclosure. It turns out that even many of the GPS services we use on a daily basis are full of multiple vulnerabilities.

These vulnerabilities, dubbed Trackmageddon could allow an unauthorized third party access to the location data of all location tracking devices managed by the vulnerable online services.

Related Story: GPS Cybersecurity Flaws Endanger Shipping Industry

Security researchers Vangelis Stykas and Michael Gruhm who discovered the flaws named them collectively Trackmageddon. The flaws are located in 103 online services which makes millions of devices vulnerable. It appears that these services are running vulnerable tracking location software developed and licensed by ThinkRace, an Indian GPS manufacturer.

Trackmageddon Vulnerabilities In Detail

As already mentioned, the flaws affect several GPS services that collect the geolocation of users using smart GPS-enabled devices like children trackers, car trackers and pet trackers. Researchers have reported that the flaws include elementary passwords, exposed folders, insecure API endpoints, among other issues.

In case the flaws are exploited, an unauthorized third party can obtain access to personal information that is collected by location tracking devices. This information is personally identifiable and it includes:

  • GPS coordinates;
  • Phone numbers;
  • Device model and type;
  • IMEI numbers;
  • Custom assigned names;
  • Photos and audio recordings uploaded by the location tracking devices.

Yes, you read correctly. Even photos and audio recordings are at risk of being exploited.

Related Story: 15-Year-Old macOS Bug in IOHIDFamily Leads to Full System Compromise

This is what the researchers wrote:

We tried to give the vendors enough time to fix (also respond for that matter) while we weighted this against the current immediate risk of the users. We understand that only a vendor fix can remove user’s location history (and any other stored user data for that matter) from the still affected services but we (and I personally because my data is also on one of those sites) judge the risk of these vulnerabilities being exploited against live location tracking devices much higher than the risk of historic data being exposed.

Read more about Trackmageddon here.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...