The US Cybersecurity and Infrastructure Security Administration is also warning about the risks posed by the critical security bugs. “Organizations using any MiCODUS GPS tracker, regardless of the model, should be alerted to insecurity regarding its system architecture, which may place any device at risk.” Advertisement “BitSight recommends that individuals and organizations currently using MiCODUS MV720 GPS tracking devices disable these devices until a fix is made available,” researchers wrote. As of the time of writing, all of the vulnerabilities remain unpatched and unmitigated. BitSight and CISA finally went public with the findings on Tuesday after trying for months to privately engage with the manufacturer. The security firm said it first contacted Micodus in September to notify company officials of the vulnerabilities. Other vulnerabilities include a flawed authentication mechanism in the mobile app that can allow attackers to access the hardcoded key for locking down the trackers and the ability to use a custom IP address that makes it possible for hackers to monitor and control all communications to and from the device. One flaw is the use of unencrypted HTTP communications that makes it possible for remote hackers to conduct adversary-in-the-middle attacks that intercept or change requests sent between the mobile application and supporting servers. BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies.īitSight discovered what it said were six “severe” vulnerabilities in the device that allow for a host of possible attacks. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimize exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they’re moving, track location histories, disarm alarms, and cut off fuel.Īn assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |