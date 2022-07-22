There are many vehicles that are circulating on the roads around the world that have GPS trackers to keep them under control at all times. But a specific model that has been designed in China It has numerous vulnerabilities that allow them to be easily exploited.making it possible at any time know the exact location of 1,000,000 vehicles around the world it is included turn off the engine.

The startup BitSight has reported six vulnerabilities in the GPS tracker model MV720 produced by MiCODUS based in Shenzhen. Among its reports, it is pointed out that this model is installed in more than 1.5 million vehicles around the world. These can be found in fleets of company cars, military cars, government cars, and also rental or loaner cars.

A tracker that allows anyone to view your location

This company has found the necessary method to be able to exploit these devices with relative ease. This way you can locate on a map in real time (as it has been possible to do) the location of all these vehicles, access the previous routes and also turn off the engine while it is running. This is therefore a danger to the privacy of drivers, but also to their own safety.



Each red dot represents a MiCODUS user.

But this is not the main problem that arises. The main drawback is in the laziness of the company with these problems in the crawlers code. That is why BitSight and the United States cybersecurity agency have contacted all the owners of this tracker to remove them as soon as possible.

In addition to this, the researchers found in the code as the default password to access your settings is 123456. Without a doubt, its creators did not follow the recommendations to create a secure password, since whoever has not made the change will have a serious problem in this regard.

The next bug is related to tracking the paths in different Excel sheets, making it really accessible. The researchers affirm that there are many countries in which this device is operating, including Spain, Germany, Poland or France. At the moment, due to the insistence to be able to solve these failures, they have not received answers, meaning that the MiCODUS company is not working on a solution.

Via | TechCrunch